1. Home
  2. States
  3. Rhode Island

Rhode Island

Data breaches occur when an unauthorized party accesses personal or sensitive information for financial purposes. Cybercriminals utilize the vulnerabilities of these entities to access their systems via hacking, malware, phishing, denial of service, or ransomware. Rhode Island is one of the smallest states and ranks 49th in number of victims annually. In 2023, though, it also incurred $31,586,831 in damages. Most attacks experienced during the previous few years have targeted healthcare and local government institutions.

Identity Theft Statistics

Identity Theft
Reports
28TH
State Rank (Reports per 100K Population)
1,146
Identity Theft Reports
Fraud & Other
Reports
30TH
State Rank (Reports per 100K Population)
5,779
Total Fraud & Other Reports
Fraud
Losses
$2.3M
Total Fraud Losses
$257
Median Fraud Losses

Top Ten Report Categories

Imposter Scams
22%
Identity Theft
17%
Online Shopping and Negative Reviews
6%
Banks and Lenders
6%
Telephone and Mobile Services
5%
Debt Collection
4%
Prizes, Sweepstakes and Lotteries
4%
Credit Bureaus, Iformation Furnishers and Report Users
4%
Auto Related
4%
Internet Services
3%

Top Identity Theft Types

31%
847
Credit Card Fraud
18%
492
Other Identity Theft
15%
404
Bank Fraud
12%
329
Employment or Tax-Related Fraud
12%
325
Government Documents or Benefits Fraud
7%
196
Loan or Lease Fraud
5%
145
Phone or Utilities Fraud

Rhode Island's Recent Biggest Data Breaches

2023
November

Donald W. Wyatt Detention Facility Data Breach

The Donald W Wyatt Detention Facility discovered a data breach in November 2023. This breach affected 2,000 inmates, vendors, and staff. It involved malware that was installed on its computer systems. The facility released a statement indicating it believed different information types were taken from its systems and then posted on the dark web. These included names, medical data, financial details, and current as well as former staff records. Immediately after discovering the breach, Wyatt increased its security. The facility also worked with an external security expert to determine the cause of the incident. It also issued a notification to everyone involved.

2023
August

Prospect Medical Holdings Data Breach

Prospect Medical Holdings discovered a data security incident that disrupted the operation of its IT systems in August 2023. The company immediately shut down the access points to prevent further damage and began an investigation to assess the scope of the incident. Prospect Medical's investigation found that an unauthorized party had accessed its IT systems and acquired documentation related to facility patients. The information varied depending on the patient but generally entailed names, birth dates, diagnoses, medications, treatment information, dates of treatment, and financial data. The organization also notified patients who were affected via letters. The company also provided credit monitoring and identity protection services for those affected by the incident.

2022
December

Rhode Island Department of Health Email Hack

In December 2022, the Rhode Island Department of Health indicated that its systems were breached because a link to a spreadsheet was accidentally set in emails sent by a staff member. According to a spokesperson for the Department, the file contained information about people getting food box deliveries while they were in COVID-19 isolation or quarantine. To the department's knowledge, the file was accidentally emailed to 46 individuals on the list to get food box services. The spreadsheet had data such as names, personal needs, household details, addresses, and contact dates. An estimated 8,800 individuals were affected due to the data breach. These were notified following the discovery and investigation. The Department also claimed that anyone who wants to see if their information was compromised during the breach may contact their support team.

2022
July

Narragansett Bay Commission Data Breach

In July 2022, the Narragansett Bay Commission, which is in charge of the sewer systems in the Metropolitan Providence, experienced a cyberattack. One of the spokeswomen for the organization, Jamie Samons, said the attack involved an encryption of data on specific computers within the Commission's network. Though the spokeswoman did not specify if the ransom was paid, the spokeswoman indicated that those systems affected were those that controlled the sewage system. Law enforcement agencies were also contacted to assist with the investigation. It was reiterated that the Narragansett Bay Commission does not have Social Security or payment information. It enhanced security measures and trained all personnel on the importance of data security.

2022
June

Newport Server Breach

In June 2022, the city of Newport discovered unusual network activity, causing some of its systems to become unavailable. When the city learned about the activity, it immediately secured its networks and began an investigation into the event. Preliminary investigations revealed that hackers may have accessed the city's network. The information accessed included names, birth dates, Social Security numbers, addresses, financial account numbers, and group health insurance information. According to the notice, no customer information is believed to have been used negatively. That said, Newport also began mailing letters to all affected by the hack and arranged for credit monitoring and identity theft protection.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.

Unfamiliar
Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from
Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards
or Loans in Your Name

A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.

Surprise Credit
Score Drops

Sudden credit drops with no obvious cause are a sign of suspicious activities.

Unusual Activity on Your
Social Security Account

The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.

Inability to
Sign-in to Accounts

If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.

Step-by-Step Process for Responding to a Data Breach

01

Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.

02

Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.

03

Contain the Breach

Isolate the affected system to prevent further damage.

04

Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.

05

Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.

06

Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.

07

Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.

08

Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.

09

Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.

10

Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

Rhode Island laws mandate that data breaches be reported when personal information is believed to have been compromised. The businesses are expected to do this within 45 calendar days following the confirmation of the breach. If the notification of Rhode Island residents contravenes an ongoing law enforcement investigation, then a delay is allowed. If the breach affects more than 500 individuals, the entity must notify the Rhode Island Attorney General and nationwide consumer reporting agencies. Regulations also describe what must be included in a data breach notice to residents. They include the following:

  1. A summary of what happened and the number of individuals affected
  2. Types of personal data exposed
  3. The date of the data breach incident
  4. A description of the mitigation processes to help those affected, such as credit monitoring or a toll-free number
  5. Directions on how to do identity theft protection

Notices can be provided by written, electronic, or email notices and by telephone. If the entity does not have sufficient information concerning the residents affected, they can effect a substitute notice. These are done by doing a conspicuous posting on the website, emailing the affected residents, and alerting statewide media outlets.

Laws

Resources