A California man was indicted in federal court on Wednesday after he allegedly participated in multiple scams that defrauded people, establishments, and the town of Bristol, Rhode Island out of nearly $9 million dollars, prosecutors said.

The Rhode Island U.S. Attorney’s office named Alec Tahir Baker, a resident of Corona, California, as a “key participant” in an email conspiracy and money laundering scam. 

The indictment alleges Baker, 60, was involved in a scam where someone would send phishing emails to individuals, businesses, and Town of Bristol email addresses. If opened, prosecutors said, the email allowed the scammers to access the recipient’s computer information. Then Baker, along with unnamed co-conspirators, would allegedly direct victims’ banks to transfer money into an account owned by Baker or other conspirators, the indictment said.

According to the indictment, Baker, along with the co-conspirators, allegedly defrauded individuals and businesses of at least $8,854,243. In addition, the indictment alleges that around $7,649,876 in fraudulent proceeds were transmitted to bank accounts under Baker’s control.

Baker also allegedly targeted Bristol through the scam, allegedly stealing more than $300,000 dollars from the town.

First charged through a criminal complaint on Nov. 1, the Attorney’s office said Baker was arrested in Dallas, Texas, on Nov. 5 and detained after his first appearance in U.S. District Court. 

He faces charges of conspiracy to commit money laundering, bank fraud, and two counts of aggravated identity theft, the indictment said. Federal prosecutors said he will be transported to Rhode Island to be arraigned on those charges at a “later date.”

Representation for Baker did not immediately reply to a request for comment.

California resident, along with alleged scam enterprise, allegedly defrauded Town of Bristol

The indictment alleges Baker and his co-conspirators used phishing emails to gain access to the Town of Bristol’s computer network in January of 2023. 

“The next day, a member of the conspiracy caused $310,500 to be wired from one of the Town’s bank accounts into a business account controlled by Baker, who then withdrew or transferred funds from that account and deposited the money into other accounts he controlled,” the Attorney’s office said.

Of that $310,500, Baker allegedly withdrew $75,000 from the town’s Citibank account with the note “Q1 salary” on Jan. 20, 2023, the indictment said. Three days later, he allegedly withdrew $144,700 from the same Citibank account and deposited it into a Chase account, the indictment said. Next, on Jan. 31, the indictment said he withdrew $89,169.87 from the Citibank account and put it in a cashiers’ check payable to Al Hujen Group, a US Bank account operated by Baker.

The indictment said one of the involved scammers would allegedly pose as vendors and email employees of the targeted companies. The scammer would give the employee fraudulent bank information and direct the employee to make payments to that new account, which was controlled by Baker or co-conspirators, the indictment alleged. 

According to the indictment, the targeted companies and individuals were located across the country.

The Town of Bristol did not immediately reply to a request for comment.

Eva Levin is a general assignment co-op for Boston.com. She covers breaking and local news in Boston and beyond.

An unknown threat actor has stolen data belonging to potentially hundreds of thousands of residents of Rhode Island in a cyberattack and is threatening to release the data if a payment is not made.

The cyberattack was first detected on Dec. 5 when Rhode Island state officials were informed by its technology vendor, Deloitte Touche Tohmatsu Ltd., that the RIBridges data system had been the target of a potential cyberattack. RIBridges is Rhode Island’s integrated online system for managing public assistance programs.

Forward to Dec. 10 and Deloitte then advised the state that the RIBridges system had been breached and that those behind the breach had sent a screenshot of file folders stolen to Deloitte. The following day, Deloitte confirmed that there was a high probability that the folders contained personally identifiable data from RIBridges.

On Dec. 13, Deloitte confirmed that it had found malicious code in the system. The state then directed Deloitte to shut RIBridges down to remediate the threat.

According to a press release from the governor of Rhode Island, the data stolen may include any individual who has received or applied for health coverage or health and human services programs or benefits. The programs and benefits managed through the RIBridges system include Medicaid, the Supplemental Nutrition Assistance Program, Temporary Assistance for Needy Families, the Child Care Assistance Program, health coverage purchased through HealthSource Rhode Island, Rhode Island Works, Long-Term Services and Supports and the General Public Assistance Program.

Data stolen may include names, addresses, dates of birth, and Social Security numbers, as well as certain banking information. Rhode Island is providing those affected with free credit monitoring and a dedicated call center for assistance.

Data theft isn’t new, but some parts are missing from this story. Ransomware has not been mentioned, nor have any files reported being encrypted. However, ransomware operators in 2024 have been known to skip encryption and simply steal data to extort victims with a promise that the data will be released unless payment is made. Whether such an attack would still count as ransomware versus simply extortion likely doesn’t matter to the victims.

Whatever the finer details, hundreds of thousands of Rhode Island residents have had their personal data stolen weeks before the New Year, a new year that promises even more such attacks as ransomware operators and similar threat groups continue to cast a wide net for victims.

Image: SiliconANGLE/Ideogram

PROVIDENCE – Vendors working for the state have set up a call center to answer customer questions following the cyberattack earlier this month on Rhode Island’s public benefits computer system in which private information from hundreds of thousands of people was stolen. 

Deloitte, the information technology company that built and runs the system known as RIBridges and UHIP, contracted credit reporting agency Experian to run the multilingual call that opened Sunday morning. 

The toll-free hotline can be reached at 833-918-6603. It was set to remain open on Sunday until 8 p.m. and then continue operating from Mondays to Fridays between 9 a.m. and 9 p.m. 

“Call center staff will be able to provide general information about the breach as well as steps customers can take now to protect their data,” a news release from the Gov. Dan McKee’s office said. “Unfortunately, as the analysis of the data involved is still happening, call center staff will not be able to confirm whether a particular individual’s data is or is not included in the breach at this time.”  

“Once the impacted individuals are identified, they will be mailed a letter with the information they need to secure free credit monitoring services,” the release continued. 

Data breach: Governor says stolen data could be exposed in the coming week. Here’s what to do right now

The RIBridges system was shut down on Friday after Deloitte discovered dangerous malware embedded in its computer code. On Saturday, McKee said that the cybercriminals had stolen the personal data belonging to hundreds of thousands of Rhode Islanders. A negotiator has been holding ransom talks with the criminals, and it’s believed the data could be exposed as early as this week, the governor said at a news conference. 

Individuals who have received or applied for health coverage or health and human services programs or benefits could be affected by the data breach. The programs managed by the RIBridges system include: 

• Medicaid
• Supplemental Nutrition Assistance Program (SNAP)
• Temporary Assistance for Needy Families (TANF)  
• Child Care Assistance Program (CCAP)  
• Health coverage purchased through HealthSource RI
• Rhode Island Works (RIW) 
• Long-Term Services and Supports (LTSS)  
• General Public Assistance (GPA) Program  
• At HOME Cost Share 

State officials have urged anyone who has applied for benefits through the system since 2016 to change passwords and monitor their bank accounts for suspicious charges. 

The state has set up a website to provide information about the attack and steps customers can take to protect their data. It’s located at cyberalert.ri.gov. 

Data breach: RI computer network hit by major cyberattack, forcing public benefits system shutdown

Deloitte first alerted the state and police about a potential attack on Dec. 5. McKee said the state did not disclose that there could be a problem until the breach could be confirmed and to prevent triggering the release of personal data. 

He said he did not know how much money the hackers demanded, because Deloitte was communicating with them. However, he said he would have the final say on the decision to pay a ransom.