Alexander Castro reports:
A cybercriminal group breached the state’s public benefits portal last July, lingered inside the network’s backend for five months, and triggered hundreds of firewall alerts when it transferred gigabytes of Rhode Islanders’ data to its own servers in November.
But RIBridges system vendor and manager Deloitte, a multinational firm valued at $67.2 billion last year, didn’t know the system had been hacked until threat actor Brain Cipher took credit for the breach on its blog in early December.
“Deloitte missed some issues that we certainly hold them responsible for,” Gov. Dan McKee said at a Thursday morning press conference. “We also want to make sure that people know that we will pursue all avenues in our efforts to ensure accountability.”
One of the things Deloitte appears to have missed was its own incident logs, according to the long-awaited RIBridges forensic report by CrowdStrike from Dec. 16, 2024, to Jan. 31, 2025, and finally released to the public in an abbreviated form Thursday morning.
Read more at Rhode Island Current.