Members of the House and Senate were warned on Wednesday that a breach at a health insurance marketplace in Washington, D.C., may have allowed hackers access to their sensitive personal information. Additionally impacted were the politicians’ staff members and their families.
DC Health Link stated that it was alerting affected consumers and cooperating with law authorities after confirming that data on an undefined number of clients was compromised. In addition to providing credit monitoring to all consumers, it claimed to be providing identity theft services to individuals affected.
According to the FBI, it was informed of the event and was aiding with the investigation.
An online broker was claiming to have 170,000 DC Health Link subscribers’ records and was selling them for an undetermined sum. They were stolen on Monday, according to the broker. The broker refused to confirm whether the data had been purchased when contacted by The Associated Press on a secure chat platform and said they were unable to give additional evidence to support the claim. They claimed to be representing “thekilob,” the seller.
On the website, samples of stolen data for a dozen ostensible clients were presented. It contained Social Security numbers, addresses, employer names, contact information (phone and email), and addresses. By contacting a specified number, the AP was able to contact one of the dozen.
The man, when told that the information was public, said, “Oh my God. The 12 individuals named are either family members or employees of the same business.
The sergeant at arms stated the full names of the insured and their family members were among the stolen data in an email sent to all Senate email account owners. House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries announced the breach in an email that was sent on their behalf by the Chief Administrative Office of the House, calling it “egregious” and promising to give updates. It advised subscribers to use tools for credit and identity theft monitoring.
To prevent identity theft, the Senate email advised anyone who registered on the health insurance exchange to freeze their credit.
Rep. Joe Morelle of New York stated in an email that House leadership was alerted by Capitol Police that DC Health Link had had a “extraordinarily significant data breach of enrollee information” that constituted a “grave risk” to members, staff, and their families. According to Morelle, “the FBI is still investigating the origin, extent, and scale of the DC Health Link data breach.”