ACLU sues RIPTA, UnitedHealthcare over data breach that affected thousands of RI workers

Antonia Noori Farzan, The Providence Journal

October 25, 2022 at 3:15 PM·4 min read

The ACLU of Rhode Island is filing a class-action suit against the Rhode Island Public Transit Authority and UnitedHealthcare of New England over a data breach that compromised thousands of state employees’ personal data last year.

ACLU of RI executive director Steven Brown said Tuesday that the goals of the lawsuit are to obtain financial compensation for the victims of the August 2021 breach and “get answers as to how this happened.”

More than a year has passed, he noted, “and we still don’t have answers to many basic questions about the incident.”

The lead plaintiffs named in the lawsuit are Alexandra Morelli, a Coventry resident who has worked at the University of Rhode Island since 2016, and Diane Cappalli, who worked as a scheduling coordinator at RIPTA at the time of the breach and has since retired to Florida.

More: Why RIPTA decided to pay $170,000 to hackers who broke into its computers

From left, lead plaintiff Alexandra Morelli, attorneys Lynette Labinger and Peter Wasylyk and ACLU of Rhode Island Executive Director Steven Brown announce a class-action lawsuit against RIPTA and UnitedHealthcare on Tuesday.

This January, fraudulent transactions were made with Morelli’s Kohl’s credit card, according to the lawsuit. The next month, there was suspicious activity on her Target and GAP credit cards. Additionally, a total of $29,999 was withdrawn from her bank account without authorization in February and March.

“This entire experience was and has continued to be extremely frustrating,” Morelli said at a news conference Tuesday at the ACLU’s Providence office, noting that she had been in the process of planning her wedding. She said that the timing of the fraudulent activity convinced her that it was linked to the data breach: “I’ve never had anything like this happen to me before.”

In total, more than 20,000 current and former state employees were impacted by the breach.

Officials have said that the hackers took over RIPTA’s computer system and gained access to files that contained information about people covered by the state’s health care plan. Those files contained Social Security numbers as well as insurance claim information on some people.

Previous RIPTA data breach coverage:

Earlier this year, RIPTA said that the breach compromised the personal health information covered by HIPAA for slightly more than 5,000 people.

The files dated from the period of time when the state used UnitedHealthcare to administer its health care plan; it has since switched to BlueCross BlueShield.

"Protecting member privacy is a top priority, and we continue to work with multiple parties to understand the data breach that impacted the Public Transit Authority’s computer system," UnitedHealthcare spokeswoman Sara Mann said Tuesday. "We were privileged to serve the State of Rhode Island employees and their families until December 2019 and will continue to cooperate with the Office of the Attorney General as they investigate this matter.

RIPTA spokeswoman Barbara Polichetti wrote in an email, "We have not been notified of or served with a lawsuit from the ACLU of Rhode Island. We have no comment at this time."

Peter Wasylyk, lead attorney in the lawsuit, said that it was “totally incomprehensible” that one of the largest health insurance companies in the nation would have given RIPTA unencrypted data that contained sensitive information.

Although the breach took place in August 2021, state employees were first notified about the incident in December 2021. State law requires notification within 45 days. They were not notified about what specific information was taken, Brown said, and the initial notice indicated that the breach involved only RIPTA employees.

More: Rhode Island sewer-system operator hit by cyber attack

“To this day, it remains unclear how and why UHC provided RIPTA with the personal and health care information of non-RIPTA state employees, and why it took over four months for RIPTA to notify both their employees and other affected individuals that their information had been hacked,” the ACLU said in a news release.

The lawsuit contends that both RIPTA and UHC failed to properly secure state employees’ personal information, and did not meet the standards required by federal law. As a result, it says, the plaintiffs have had to spend a “great deal of time and effort” canceling credit cards and debit cards, contacting banks, monitoring financial accounts, disputing unauthorized purchases and battling identity theft.

The ACLU has set up an email address, RIPTA DATA BREACH@riaclu.org, for anyone who has been affected by the breach.

“If we don’t get these answers," Brown said, "then we think it will be way too easy for something like this to happen again."

This article originally appeared on The Providence Journal: ACLU sues RIPTA, UnitedHealthcare over breach of state workers' data

Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series
Our NBA staff makes its picks for Knicks-Pacers and every second-round series.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Celebrity
Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.
Once named the “Most Likable Person in the World,” the actor is under fire in a new report, accused of showing up to work late on the film “Red One,” irritating the crew and causing the budget to balloon.
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Victor Wembanyama wins NBA Rookie of the Year via unanimous vote after delivering on unprecedented hype
Victor Wembanyama did everything for the Spurs as a rookie.
Autoblog
Edmunds bought a Fisker Ocean, warns others not to make the same mistake
Edmunds bought a Fisker Ocean and details the highs and lows of ownership while warning others not to make the same mistake.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.

News

Life

Entertainment

Finance

Sports

New on Yahoo

ACLU sues RIPTA, UnitedHealthcare over data breach that affected thousands of RI workers

Recommended Stories

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

The FDIC change that leaves wealthy bank depositors with less protection

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

Social Security just passed Medicare as the government's most pressing insolvency risk

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.

The best RBs for 2024 fantasy football according to our analysts

Victor Wembanyama wins NBA Rookie of the Year via unanimous vote after delivering on unprecedented hype

Edmunds bought a Fisker Ocean, warns others not to make the same mistake

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race