Deloitte Hit With Class Action Lawsuits Over Rhode Island Benefits System Hack

Case Overview: A class action lawsuit claims Deloitte failed to protect personal data in the Rhode Island RIBridges system, leading to a data breach that exposed sensitive information.

Consumers Affected: Rhode Island residents whose personal information was compromised in the RIBridges data breach.

Court: U.S. District Court for the District of Rhode Island

Deloitte, the global consulting giant, is under fire after a cyberattack compromised the sensitive personal information of Rhode Island residents using the RIBridges system—a platform that manages state benefits programs like Medicaid and SNAP.

Class action lawsuits, filed in Rhode Island and New York federal courts, accuse Deloitte of negligence, breach of contract, and unjust enrichment. Plaintiffs allege the company failed to implement sufficient cybersecurity measures, leaving thousands of residents vulnerable to identity theft, fraud, and other misuse of their personal data, WPRI.com reports.

Deloitte Accused of Negligence in RIBridges Data Breach Lawsuit

The plaintiffs argue that Deloitte must be held accountable for the fallout, which includes stolen Social Security numbers, banking details, and other personal data. They’re seeking compensation for the harm caused and stronger measures to protect against future breaches.

Former state Representative Peter Wasylyk, representing the plaintiffs, criticized Deloitte for leaving Rhode Islanders exposed to significant risks. “Data breaches take an enormous toll—financially, emotionally, and logistically—on affected individuals,” Wasylyk said. “This breach is a stark reminder of the need for robust measures to safeguard sensitive information.”

Data Breach Exposed Sensitive Information of Rhode Island Residents

The breach came to light on December 5, when Rhode Island officials learned an international hacking group had infiltrated RIBridges, previously known as UHIP. Hackers provided evidence of the breach by sharing screenshots of stolen file directories and confirmed they had embedded malware into the system.

The compromised data spans nearly a decade and affects users of programs such as Medicaid, SNAP, Temporary Assistance for Needy Families (TANF), and HealthSource RI health insurance. In total, hundreds of thousands of Rhode Islanders may be impacted.

While Deloitte continues to investigate the incident in collaboration with law enforcement, individuals directly affected will be notified by mail. The state has also set up a call center to address concerns, but officials caution that they may not yet have definitive answers for affected residents.

In a statement, Deloitte spokesperson Karen Walsh emphasized the company’s commitment to resolving the issue. “We are working tirelessly with our client and law enforcement to address this matter. Over the past decade, Deloitte has demonstrated unwavering dedication to Rhode Island and its residents,” Walsh said.

Other Companies Face Similar Lawsuits Over Data Breaches

Deloitte is not alone in facing backlash for data breaches. Similar lawsuits have emerged across industries, highlighting the growing demand for accountability in the face of lax cybersecurity.

Robinhood Markets, the popular trading platform, is under fire for a breach that exposed sensitive customer data, with plaintiffs alleging negligence in safeguarding user information. AnnieMac Home Mortgage is also grappling with a class-action lawsuit after a breach leaked Social Security numbers and banking details of 171,000 individuals.

Meanwhile, Walsworth Publishing is accused of delaying customer notifications for nearly a year after a December 2023 breach compromised payment card information. In other cases, Wells Fargo and Avis Rent-a-Car have faced legal action for allegedly inadequate responses to data security incidents.

Case Details

• Lawsuit: Pannozzi, et al. v. Deloitte Consulting LLP.
• Case Number: 1:24-cv-00524-JJM-LDA
• Court: U.S. District Court for the District of Rhode Island

Plaintiffs' Attorneys

• Peter N. Wasylyk (Law Offices of Peter N. Wasylyk)
• Gary E. Mason, Danielle L. Perry, and Lisa A. White (Mason LLP)
• Jeffrey S. Goldenberg (Goldenberg Schneider, L.P.A.)
• Charles E. Schaffer (Levin Sedran & Berman, Counselors at Law)

Were you affected by the RIBridges data breach in Rhode Island? Share your experience in the comments below.