Congress members warned of significant health data breach
Officials have informed members of the House and Senate and their staffs that hackers may have gained access to their sensitive personal data in a breach of a Washington, D
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Members of the House and Senate were informed Wednesday that hackers may have gained access to their sensitive personal data in a breach of a Washington, D.C., health insurance marketplace. Employees of the lawmakers and their families were also affected.
DC Health Link confirmed that data on an unspecified number of customers was affected and said it was notifying them and working with law enforcement. It said it was offering identity theft service to those affected and extending credit monitoring to all customers.
The FBI said it was aware of the incident and was assisting the investigation.
A broker on an online crime forum claimed to have records on 170,000 DC Health Link customers and was offering them for sale for an unspecified amount. The broker claimed they were stolen Monday. The broker did not immediately respond to questions posed by The Associated Press on an encrypted chat site.
It was not possible to confirm the number claimed. Sample stolen data was posted on the site for a dozen apparent customers. It included Social Security numbers, addresses, names of employers, phone numbers, emails and addresses. The AP reached one of the dozen by dialing a listed number.
“Oh my God,” the man said when informed the information was public. All 12 people listed work for the same company or are family members.
In an email to all Senate email account holders, the sergeant at arms said it was informed that the stolen data included full names of the insured and family members but “no other Personally Identifiable Information.”
It recommended that anyone registered on the health insurance exchange freeze their credit to prevent identity theft.
In an emailed statement, Rep. Joe Morelle of New York said House leadership was informed by Capitol Police that DC Health Link “suffered an extraordinarily large data breach of enrollee information" that posed a “great risk” to members, employees and their family members. “At this time the cause, size, and scope of the data breach impacting the DC Health Link still needs to be determined by the FBI,” Morelle said.
The hack follows several recent breaches affecting U.S. agencies. Hackers broke into a U.S. Marshals Service computer system and activated ransomware on Feb. 17 after stealing personally identifiable data about agency employees and targets of investigations.
An FBI computer system was recently breached at the bureau's New York field office, CNN reported in mid-February. Asked about that intrusion, the FBI issued a statement calling it "an isolated incident that has been contained.” It declined further comment, including when it occurred and whether ransomware was involved.
There was no indication the Health breach was ransomware-related.