Social Security databases exposed in RI cyberattack; hackers sought $23M ransom
Jan 03, 2025
PROVIDENCE, R.I. (WPRI) -- The tranches of RIBridges data released onto the dark web this week included several databases of people's personal information tied to Social Security Administration programs, a review by Target 12 has discovered.
The databases included the names of hundreds of thousands of Rhode Islanders, along with what appear to be Social Security numbers, employment details, financial data and even family relations dating back to at least 2017.
One file alone contained the names and other personal information of more than 118,000 people, although there appeared to be some duplicates on the list. Gov. Dan McKee has said the hack affected 650,000 people overall, equivalent to more than half the state's population.
The cybercriminal group Brain Cipher has taken responsibility for hacking RIBridges, a state IT system for health and benefits programs built and maintained by an outside contractor, Deloitte Consulting.
The 10 gigabytes of data that Target 12 obtained and independently analyzed represented about 1% of the data Brain Cipher claimed to have stolen last month and then released on Monday. The group suggested it had 1 terabyte of material.
In a post on its website, Brain Cipher ridiculed the state's and Deloitte's IT security.
"The only reason we did this is the fact that the time it took us to penetrate the infrastructure, and in particular the domain controller, was 5 minutes!" the group wrote. "How not to take advantage of such a moment."
The databases reviewed by Target 12 were almost exclusively tied to Social Security, and they contained information that's collected and shared between governments to help determine eligibility for multiple programs, including SSI, SSDI, Medicaid and cash assistance. (State officials have said the hack shouldn't affect people's ability to receive their benefits.)
One database is designed to help the government determine whether noncustodial parents living out of state need to pay child support. Another included a list of inmates and is designed to help the government determine whether people's benefits need to change once they're behind bars.
Target 12 has learned the hackers were initially demanding a $23 million ransom in exchange for not releasing the data, which state leaders have said was a focus of negotiations between Brain Cipher and Deloitte.
"It seems that it was easier to pay and calmly fix everything," Brain Cipher wrote on its website.
It's unclear whether any money changed hands. McKee's office has referred all questions about the ransom to Deloitte. Company spokespeople have not responded to multiple requests for comment.
Generally, law enforcement and cybersecurity experts advise against paying ransoms.
"You should never pay," said Patrick Laverty, a local cybersecurity expert. Ransoms help finance cybercriminals' next attacks, and there's no guarantee after the money is paid that criminals won't end up posting the information anyway, he said.
"They say they won't release the data -- I don't trust them," Laverty said.
The Target 12 review of databases shows people's names, addresses, Social Security numbers, bank accounts, family members' demographic information, income levels and employment details.
Although state officials have said the IT system at the R.I. Department of Labor and Training wasn't compromised as part of the hack, it appears some labor-related data was exposed.
One of the databases appears to include information shared between DLT and the National Directory of New Hires, which federal officials say includes the "personal and financial data on every working American as well as those receiving unemployment insurance benefits."
The database is designed in part to identify any noncustodial parents living in other states to determine whether their wages should be garnished for child support.
Spokespeople for DLT and McKee declined to comment on any specific dataset exposed as part of the hack.
Other databases included the Low-Income Subsidy, which helps determine whether people are eligible for subsidies through Medicare. That database comprised names, spouses' names, Social Security numbers, income levels, addresses and other personal details.
Also exposed was the Public Assistance Reporting Information System, which federal officials describe as being used to ensure program recipients aren't also receiving public benefits in other states.
Other exposed databases used to help determine eligibility for different programs included the State Data Exchange, the Interim Assistance Reimbursement program, the SSA Prison Match, the State Verification and Exchange System, and Third-Party Liability for Medicaid Eligibility.
Third-Party Liability, or TPL, includes data showing whether beneficiaries have any third-party funding sources that might be legally required to pay out medical bills before money is spent by Medicaid or other needs-based programs, such as SSI. The review suggests people's names, addresses and what appear to be private insurance numbers were exposed in the TPL database.
The Target 12 review didn't expand to other programs state officials have said were exposed as part of the hack. Those include the Supplemental Nutrition Assistance Program (SNAP), the Child Care Assistance Program (CCAP), HealthSource RI health insurance, Rhode Island Works, Long-Term Services and Supports (LTSS), and AT HOME cost-sharing among others.
State leaders are urging Rhode Islanders to protect their personal data. 12 News has a full breakdown on what steps can be taken here.
Eli Sherman ([email protected]) is a Target 12 investigative reporter for 12 News. Connect with him on Twitter and on Facebook.
Tim White and Ted Nesi contributed to this report.