RIBridges data breach: Answering questions about credit freezes, getting benefits and more – The Providence Journal

With Rhode Island’s public benefits computer system breached by hackers, thousands of Rhode Islanders are worried that their personal information has been exposed.
Deloitte, the information technology vendor that built and runs the computer system known as RIBridges and UHIP, discovered that dangerous malware was embedded in the RIBridges computer code.
Since last week, state authorities have advised people to protect their confidential information through measures like password changes and credit freezes.
So we’ve rounded up answers to questions from readers.
 RIBridges facilitates applications for benefits programs including:
The state has said that anyone whose personal information has been compromised will receive a letter by mail that explains how to access free credit monitoring.
State officials urged anyone who has applied for benefits through the system since 2016 to change passwords and monitor their bank accounts for suspicious charges.
The cybercriminals threatened to release personal data, including names, addresses, birth dates, Social Security numbers and bank information, state Chief Information Officer Brian Tardiff said last week.
The state launched a call center on Sunday for Rhode Islanders to receive general information about the breach and learn what steps they can take to protect their data. Representatives won’t have any information on individual cases, as of now. McKee said that the call center received around 1,100 calls on its opening day.
The toll-free hotline can be reached at 833-918-6603. It was set to remain open on Sunday until 8 p.m. and then continue operating from Mondays to Fridays between 9 a.m. and 9 p.m. 
Rhode Islanders will also be able to access updates from the state and general guidance online at cyberalert.ri.gov.
According to Mike Tetreault, cybersecurity advisor at the Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security, anyone concerned about identity theft should engage credit monitoring and watch their bank accounts. Tetreault advised residents to change their key online passwords to something with at least 10 characters and use multifactor identification, where an email or telephone is used to confirm a login in addition to a password.
The state is recommending that those affected:
A freeze means creditors cannot access your credit report, meaning no new credit account can be opened in your name, whether it is fraudulent or legitimate. 
There are three major credit reporting agencies, and you should contact all three: Equifax, (800) 525-6285, equifax.com; Experian, (888) 397-3742, experian.com and TransUnion, (800) 680-7289, transunion.com. It takes about one business day to freeze your account, and once you know your information is safe, you can have them unfreeze it.
It’s free. Also, you can get a free copy of your credit report every 12 months from the three main credit reporting agencies.
Attorney General Peter Neronha’s office released some guidance about the data breach:
With the system shut down, state employees, beneficiaries, and applicants alike don’t have access to the benefit portals. Services previously hosted through the RIBridges system will now be processed on paper or in person.
Anyone who was already enrolled in a HealthSource RI plan can pay their January premium by phone, in person, or at CVS locations – excluding locations inside Target stores. Although the open enrollment period goes until the end of January, new enrollments are not currently being processed, the agency’s director said Monday.
Kimberly Merolla-Brito, the state’s Department of Human Services director, said they’re confident that the cyberattack won’t interfere with delivering benefits in January. 
McKee noted that temporary disability insurance and unemployment are not part of the breached system.
The data breach affected EBT cardholders, and state officials recommend people change their pins and even freeze their accounts.   
RIBridges was attacked by the international ransomware gang named Brain Cipher, which took credit for a hack of Deloitte UK in early December.
McKee said he did not know how much money the hackers demanded, because Deloitte was communicating with them. However, he said he would have the final say on the decision to pay a ransom.
The Rhode Island Current reported as of 1:30 p.m. Tuesday, the countdown clock on Brain Cipher’s dark web site showed about 27 hours left before some data would be released. 
The state said it’s working closely with Deloitte to uncover the cause of the cyberattack and its full extent, although Deloitte representatives have not been present at any of the governor’s press conferences so far.  
With reporting from Patrick Anderson, Alex Kuffner, Katie Mulvaney and Nish Kohli.

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.