Federal law enforcement, Rhode Island State Police, and relevant agencies were alerted immediately, the statement added.
Following consultation with the state IT department, Deloitte implemented additional security measures and began assessing the threat while the investigation into potential data breaches and vulnerabilities got underway. For security reasons, this information was kept internal to secure the system, the statement said.
By December 10, Deloitte confirmed that the RIBridges system had been breached, based on evidence provided by the hackers, including a screenshot of file folders. On December 11, Deloitte further determined that the implicated folders likely contained personally identifiable data from RIBridges.
