D.C. Health Link hacker exposes lawmakers’ personal information
The recent data breach that affected hundreds of members and staff on Capitol Hill last week has exposed sensitive information belonging to 21 lawmakers in Congress, CyberScoop reported.
According to CyberScoop, it was able to verify the authenticity of the information belonging to an individual in a data set posted online by a user of a hacking forum.
The user who uploaded the data reportedly threatened that more datasets would be released.
“More data exists, but will not be leaked for the time being,” the user reportedly said. “The use of it is something important. More than one database were (sic) exposed.”
Last week, DC Health Link, a program that administers health care plans for members of Congress, suffered a “significant data breach” that impacted members of Congress and their staff.
The House chief administrative officer (CAO) confirmed to The Hill last week that account data and personal identifiable information connected to hundreds of House lawmakers and staff were stolen.
A CAO spokesperson declined to comment on CyberScoop’s recent reporting on the matter.
Last Thursday, top house leaders said although the scope of the data breach remains unknown, the size of the impact “could be extraordinary.”
“At this moment, the cause, size and scope of the data breach affecting DC Health Link could not be determined by the FBI,” said House Speaker Kevin McCarthy (R-Calif.) and House Minority Leader Hakeem Jeffries (D-N.Y.) in a letter to the DC Health Benefit Exchange Authority.
“Thousands of House Members and employees from across the United States have enrolled in health insurance through DC Health Link for themselves and their families since 2014,” they added.
The DC Health Benefit Exchange Authority told The Hill in an email that it launched an investigation following the data breach and began working with law enforcement and Mandiant, a third-party forensics firm.
The organization also said that over 56,000 customers were affected by the breach.
“We recognize the seriousness of this incident and we have reached out to impacted enrollees to provide three years of free identity and credit monitoring for all three major credit bureaus,” the organization said in an email.
“While this remains an ongoing investigation, our services are running normally and we continue to operate in a state of heightened alert,” it added.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.