What just happened? A hack on a Washington, D.C., health insurance marketplace has resulted in sensitive personal data belonging to hundreds of House and Senate members, their staff, and their families being stolen and put up for sale.
Reuters reports that House’s Chief Administrative Officer Catherine Szpindor (CAO) sent letters to members of Congress that said a “significant data breach” at DC Health Link could have exposed the personal information of hundreds of Members and House staff.
Szpindor added that it does not appear that Members of the House of Representatives were the specific targets of the attack.
DC Health Link has confirmed the breach and is offering identity theft service and extended credit monitoring to an unspecified number of customers whose data was affected. The company suggests that members freeze their credit and take precautions to avoid becoming victims of fraud.
Chairman Steil is aware of the breach and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.
— House Admin. Committee GOP (@HouseAdmin) March 8, 2023
Online News 72h writes that a broker on a dark web forum was offering to sell records of 170,000 DC Health Link customers for an unspecified amount, claiming the details had been stolen on Monday. The company said it is working with law enforcement. The FBI said it was aware of the incident and was assisting in the investigation
A sample of the broker’s data taken from 12 customers included Social Security numbers, addresses, names of employers, phone numbers, emails and addresses. The Online News 72h contacted one of the named individuals, who confirmed the details were accurate. All 12 people in the sample work for the same company or are family members.
The Senate sergeant at arms told Senate email account holders in an email that the stolen data included full names of the insured and family members but “no other personally identifiable information.”
In an emailed statement, Rep. Joe Morelle of New York said that House leadership was informed by Capitol police that DC Health Link “suffered an extraordinarily large data breach of enrollee information” that posed a “great risk” to members, employees and their families.
This is the latest breach to impact US agencies. Hackers hit a US Marshals Service computer system with a ransomware attack last month that also saw the theft of personally identifiable data about agency employees and targets of investigations. More recently, an FBI computer system was breached at the agency’s New York field office.
Masthead: Wally Gobetz