Attorney general will probe whether RIPTA's handling of data breach complied with the law [The Providence Journal] - Insurance News | InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Newswires
Topics
    • Advisor News
    • Annuity Index
    • Annuity News
    • Companies
    • Earnings
    • Fiduciary
    • From the Field: Expert Insights
    • Health/Employee Benefits
    • Insurance & Financial Fraud
    • INN Magazine
    • Insiders Only
    • Life Insurance News
    • Newswires
    • Property and Casualty
    • Regulation News
    • Sponsored Articles
    • Washington Wire
    • Videos
    • ———
    • About
    • Meet our Editorial Staff
    • Advertise
    • Contact
    • Newsletters
  • Exclusives
  • NewsWires
  • Magazine
  • Newsletters
Sign in or register to be an INNsider.
  • AdvisorNews
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Exclusives
  • INN Magazine
  • Insurtech
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Video
  • Washington Wire
  • Life Insurance
  • Annuities
  • Advisor
  • Health/Benefits
  • Property & Casualty
  • Insurtech
  • About
  • Advertise
  • Contact
  • Editorial Staff

Get Social

  • Facebook
  • X
  • LinkedIn
Newswires
Newswires RSS Get our newsletter
Order Prints
December 29, 2021 Newswires
Share
Share
Post
Email

Attorney general will probe whether RIPTA's handling of data breach complied with the law [The Providence Journal]

Providence Journal (RI)

The Rhode Island Attorney General's office is investigating the Rhode Island Public Transit Authority's handling of a data breach that's affecting thousands of past and present state employees.

Kristy dosReis, a spokeswoman for Attorney General Peter Neronha, said the office was "reviewing this incident to determine whether the entities involved have complied with state laws regarding notification and safeguarding of personal information in their custody."

The attorney general's office was notified about the breach on Dec. 23, dosReis said, and has been receiving a "high call volume."

Data breach: More than 5,000 people affected by security breach of RIPTA health plan.

More than 17,000 people in Rhode Island were affected by a breach of RIPTA's computer network in August, according to letters that victims received this week. Many of the individuals who had their personal data stolen had never worked for RIPTA or interacted with the transit agency, raising the question of why their information was on RIPTA's network.

Rep. Edith Ajello, D-Providence, told The Providence Journal that she was among the victims of the breach, and similarly wondered how RIPTA had obtained her information.

"I haven't been on a bus for almost a decade," she said.

Ajello said she sought an explanation and was told that UnitedHealthcare had been sending bills for all state employees' health claims to RIPTA — leaving it up to the transit agency to sort out which of those claims came from RIPTA employees.

UnitedHealthcare administered the health plan for state employees prior to 2020. The company did not respond to inquiries by press time.

RIPTA senior executive Courtney Marciano previously told The Journal that the data that hackers obtained had been sent to the transit agency by a "previous health insurance provider." Blue Cross/Blue Shield of Rhode Island is RIPTA's current health insurer.

More: Hacker hit RIPTA. Here's why over 17,000 state employees discovered their data was stolen

Marciano did not answer additional inquiries about who that provider was, or whether the information provided to Ajello was correct.

RIPTA has not explained why files that contained state employees' personal information — including names, addresses, dates of birth, Social Security numbers, health plan numbers and the dates and amounts of health claims — were not deleted or destroyed.

RIPTA's handling of the breach has led to widespread confusion. Many current and former state employees were baffled when they received letters earlier this week alerting them that their data had been stolen.

Many had never worked for RIPTA or had any other interaction with the public transportation agency. The letters did not say that the breach had also affected employees in other branches of government, or explain why RIPTA had those employees' personal data in the first place.

Several state employees who contacted The Journal said they and their coworkers had initially assumed the letter was a scam, because it listed a processing center in Portland, Oregon, as a return address.

In an apparent effort to quell the confusion, Director of Administration James E. Thorsen sent out an email to state employees on Tuesday, confirming that RIPTA had been "the target of a recent security incident that involved the personal information of beneficiaries of the State of Rhode Island's health plans."

Thorsen also included an additional piece of information about the breach: The files that were stolen pertained to "health plan billing from about 2013 through 2015."

However, several current and former state employees who were notified that their data was stolen told The Journal that they did not work for the state during those years — making it unclear why their personal information would have been included in the files.

Rhode Island's Identity Theft Protection Act of 2015 gives government agencies 45 days to notify affected individuals about a data breach. That notification process can be delayed if it would "impede a criminal investigation," but only if requested by a federal, state, or local law-enforcement agency.

But state employees affected by the RIPTA breach were in the dark until they received letters in the mail this week — stating that RIPTA had learned Oct. 28 that the hackers stole files that contained their personal information.

Those letters were dated and postmarked Dec. 21, nearly two months later. The breach took place at the beginning of August.

RIPTA did not respond to an inquiry about whether the delayed notification might have violated the law. Gov. Dan McKee declined to comment during an interview with The Journal on Wednesday, saying that he did not have enough knowledge about the situation.

The Identity Theft Protection Act also states that agencies "shall not retain personal information for a period longer than is reasonably required" unless other laws or retention policies state otherwise.

The law carries penalties of $100 for "reckless" violations or $200 for "knowing and willful" violations, which could add up to a fine in the millions.

With reports from Journal Staff Writer Patrick Anderson

©2021 www.providencejournal.com. Visit providencejournal.com. Distributed by Tribune Content Agency, LLC.

Older

Fairfax Announces Completion of Substantial Issuer Bid

Newer

Death Toll From Kentucky Tornadoes Now At 77

Advisor News

  • Dutch gambling tax hike falls short as prediction markets eye World Cup
  • Caregiving: A challenge that costs employers billions
  • Could your practice benefit from an advisory board?
  • SEC nears settlement with accused scammer Tai Lopez
  • The 3 things that shrink your Social Security income
More Advisor News

Annuity News

  • Globe Life Inc. (NYSE: GL) Highlighted for Surprising Price Action
  • Trademark Application for “EMPOWER YOUR MONEY” Filed by Empower Annuity Insurance Company of America: Empower Annuity Insurance Company of America
  • Built-in guaranteed annuities: What advisors should know
  • Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
  • Why job boards are failing insurance agencies
More Annuity News

Health/Employee Benefits News

  • State budget helps 200,000 afford insurance
  • State Health Plan brings back Blue Cross NC
  • Here's how Connecticut's candidates for governor differ on healthcare plans as costs rise
  • Colorado hospitals poised to receive $455 million Medicaid funding boost
  • Nevada sees drop in health insurance marketplace enrollment as subsidies lapse
More Health/Employee Benefits News

Life Insurance News

  • THINGS YOUR CLIENTS SHOULD KNOW BEFORE SELLING A LIFE INSURANCE POLICY
  • Could your practice benefit from an advisory board?
  • AM Best Revises Outlooks to Stable for Missouri Farm Bureau Group’s Members and Farm Bureau Life Insurance Company of Missouri
  • Globe Life Inc. (NYSE: GL) Highlighted for Surprising Price Action
  • AM Best Assigns Credit Ratings to China Ping An Insurance (Hong Kong) Company Limited
More Life Insurance News

NEWS INSIDE

  • Companies
  • Earnings
  • Economic News
  • INN Magazine
  • Insurtech News
  • Newswires Feed
  • Regulation News
  • Washington Wire
  • Videos

FEATURED OFFERS

Press Releases

  • Prosperity Life GroupSM Launches Prosperity PathWaySM Series, Bringing Greater Choice and Flexibility to Retirement Income Planning
  • Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
  • RFP #T01625
  • Rockwood Programs Appoints Kerry Ladouceur as Vice President, Financial Lines
  • JP Insurance Group Launches Commercial Property & Casualty Division; Appoints Joe Webster as Managing Director
More Press Releases > Add Your Press Release >

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

Topics

  • Advisor News
  • Annuity Index
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • From the Field: Expert Insights
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Magazine
  • Insiders Only
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Washington Wire
  • Videos
  • ———
  • About
  • Meet our Editorial Staff
  • Advertise
  • Contact
  • Newsletters

Top Sections

  • AdvisorNews
  • Annuity News
  • Health/Employee Benefits News
  • InsuranceNewsNet Magazine
  • Life Insurance News
  • Property and Casualty News
  • Washington Wire

Our Company

  • About
  • Advertise
  • Contact
  • Meet our Editorial Staff
  • Magazine Subscription
  • Write for INN

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2026 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • InsuranceNewsNet Magazine

Sign in with your Insider Pro Account

Not registered? Become an Insider Pro.
Insurance News | InsuranceNewsNet