PROVIDENCE, R.I. (WPRI) -- An international ransomware group that has previously targeted government agencies in Indonesia and France is taking responsibility for the major cyberattack that has rocked Rhode Island's state government, Target 12 has confirmed. Deloitte, the contractor that runs the state's RIBridges system, confirmed Monday that the cybercriminal group Brain Cipher is the organization behind the attack. Officials have warned that the group could release private data, including Social Security and bank account numbers, for hundreds of thousands of Rhode Islanders. RELATED: RI residents urged to act immediately after data hack The hack of a Deloitte-run system first came to light on Dec. 4, when cybersecurity news outlets reported that Brain Cipher had announced the operation in a blog post on the dark web. "Unfortunately, giant companies do not always do their job well," the blog post said, according to a screenshot published by Cybernews. The company claimed to have accessed more than 1 terabyte of material, and suggested Deloitte had not followed "elementary points" of data security. It also set Dec. 15 as the deadline for Deloitte to respond. At the time, Deloitte quickly told news outlets that its own internal systems hadn't been breached, though one of its clients' systems had. But it wasn't until Monday, when Target 12 asked directly, that the company confirmed Brain Cipher had compromised RIBridges. "The only system impacted by the Brain Cipher data breach is RIBridges," Deloitte spokesperson Karen Walsh told Target 12. "There is no impact to any other clients or Deloitte systems." "I can assure you we are working around the clock to resolve this issue," Walsh added. "Because this is an ongoing investigation, we cannot say anything more at this time." Separately, Attorney General Peter Neronha's office confirmed that lawyers there are examining whether to pursue some sort of legal action against Deloitte over the security failure. "The attorney general will ensure accountability on behalf of Rhode Islanders for this failure to protect their most sensitive identity information, about which they are understandably very, very concerned," Neronha spokesperson Tim Rondeau said in a statement. "We will pursue any and all legal actions in order to help make those affected whole," he said. "To that end, we have already taken preliminary steps such as notifying Deloitte of its obligation to preserve information and documents." Rhode Island officials said they were first notified by Deloitte of the data breach on Dec. 5, a day after Brain Cipher's blog post went up. Officials became more alarmed about the situation last week, after the hackers showed screenshots of file folders inside RIBridges and revealed malicious software had been put into the system. The state confirmed the hack Friday night. Brain Cipher made headlines in June after it hacked Indonesia's national data center, causing major disruption in the country. The group has also been blamed for an attack on French museums that occurred around the time of the Paris Olympics. "Like other ransomware operations, Brain Cipher will breach a corporate network and spread laterally to other devices," wrote Lawrence Abrams, a veteran technology journalist, on the website Bleeping Computer after the Indonesia incident. "Once the threat actors gain Windows domain admin credentials, they deploy the ransomware throughout the network." "However, before encrypting files, the threat actors will steal corporate data for leverage in their extortion attempts, warning victims that it will be publicly released if a ransom is not paid," Abrams explained. RIBridges, originally known as UHIP, was developed by Deloitte under a state contract to create a central IT system for programs such as Medicaid, SNAP and HealthSource RI. Its launch in 2016 was a major fiasco, but the system eventually stabilized, and the state later extended Deloitte's contract to run it. Gov. Dan McKee has scheduled a news conference Monday at 3 p.m. to provide an update on how officials are addressing the cyberattack. Ted Nesi ([email protected]) is a Target 12 investigative reporter and 12 News politics/business editor. He co-hosts Newsmakers and writes Nesi's Notes on Saturdays. Connect with him on Twitter, Bluesky and Facebook. Close Thanks for signing up! Watch for us in your inbox. Subscribe Now Nesi's Notes SIGN UP NOW