Loading...
Cyberattack Exposes Sensitive Data of Thousands
Deloitte Consulting LLP is under scrutiny following a December 2024 cyberattack that compromised the personal data of thousands of Rhode Island residents who applied for or received government benefits. A proposed class action lawsuit filed in the US District Court for the Southern District of New York alleges that Deloitte failed to adequately protect sensitive information stored on its systems.
Allegations of Negligence in Data Protection
According to the complaint filed on December 15, Deloitte is accused of neglecting its responsibility to secure its computer networks, monitor for cyber threats, and promptly notify affected individuals. The breach targeted RIBridges, Rhode Island’s social services platform managed by Deloitte, exposing a wide range of personal data, including names, addresses, Social Security numbers, dates of birth, and banking information.
Timeline of the Cyberattack
Deloitte first detected the cyberattack on its servers on December 5, 2024, the complaint reveals. Rhode Island government officials were informed on December 13 of what Deloitte described as a “major security threat.” In response, the state’s RIBridges benefits portal was temporarily taken offline to address the issue and assess the damage.
Programs and Data at Risk
The exposed data reportedly pertains to individuals applying for or receiving benefits under programs such as Medicaid, the Supplemental Nutrition Assistance Program (SNAP), and the Child Care Assistance Program (CCAP). In its communication to Rhode Island officials, Deloitte warned that any person who applied for or received health coverage or benefits through RIBridges could potentially be impacted.
Delay in Notification to Affected Individuals
Despite the severity of the breach, the lawsuit contends that Deloitte had not issued notices to affected individuals by the time the legal action was filed. This delay in communication has drawn criticism from both the public and state officials, raising concerns about the potential misuse of stolen data.
State Officials React to Breach
Rhode Island Governor Dan McKee addressed the breach during a December 14 press conference, acknowledging the alarming nature of the situation. “We know that this situation is alarming, and it’s stressful,” McKee said, adding that state officials were closely monitoring developments. He estimated that the breach might have exposed the personal data of hundreds of thousands of residents.
Get JD Journal in Your Mail
Subscribe to our FREE daily news alerts and get the latest updates on the most happening events in the legal, business, and celebrity world. You also get your daily dose of humor and entertainment!!
Plaintiff’s Claims Against Deloitte
Patricia Mahoney, a Rhode Island resident and recipient of benefits through RIBridges, is the named plaintiff in the class action. The lawsuit accuses Deloitte of negligence, breach of implied contract, and unjust enrichment. Mahoney is seeking compensatory damages, reimbursement of litigation costs, and injunctive relief. The proposed measures include mandatory security upgrades, annual audits, and lifetime credit monitoring for affected individuals.
Legal Representation and Case Details
The lawsuit is being handled by Mason LLP, the Law Offices of Peter N. Wasylyk, Goldenberg Schneider LPA, and Levin Sedran & Berman LLP. The case, titled Mahoney v. Deloitte Consulting LLP (Case No. 1:24-cv-09575), highlights the growing legal and financial risks companies face in the wake of cyberattacks.
Deloitte’s Response
As of this report, Deloitte has not issued a public statement or responded to requests for comment regarding the lawsuit or the allegations outlined in the complaint.
Broader Implications
This incident underscores the importance of robust cybersecurity measures, particularly for organizations managing sensitive government data. The lawsuit’s outcome may set a precedent for accountability and data protection standards in the future.
