Members of the US House and Senate data hacked, offered for sale
The breach at a health insurance marketplace in Washington, DC, may have given hackers access to sensitive personal information of members of the House and Senate, it was revealed Wednesday. Legislators’ staff and their families also suffered.
DC Health Link is the organization responsible for administering the health plans of members of the United States House of Representatives, their staff and their families.
“DC Health Link suffered a significant data breach yesterday that potentially exposed personally identifiable information (PII) of thousands of enrollees. As a member or employee eligible for health insurance through DC Health Link, your data may have been affected,” said Catherine L. Szpindor , chief administrative officer in the United States House.
Affected individuals were notified of the breach today via email from Catherine L. Szpindor, as first reported by the DailyCaller.
“For now, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that the account information and Pit of hundreds of Mernber and House employees were stolen,” Szpindor said.
“It is important to note that at this time it does not appear that members or the House of Representatives were the specific targets of the attack.”
Selling information stolen from DC Health Servers
The information about members of the US House obtained from DC Health Link’s servers is being sold on a hacking forum by at least one threat actor known as IntelBroker, according to BleepingComputer.
Notably, House CAO Szpindor’s email does not mention the data that was stolen. Over 170,000 people were affected, and a sample of the stolen data with the database header reveals that it contains all of their personal information, including names, dates of birth, homes, phone numbers, email addresses, social security numbers and more.
On Monday, March 6, the data was put up for sale, and IntelBroker claims it was stolen as a result of a hack into the DC.gov Health Benefit Exchange Authority.
“I’m looking for an undisclosed amount of XMR cryptocurrency. Contact me at keybase @ IntelBroker. Just a middle man,” says the threat actor.
Adam Hudson, public information officer for the Health Benefit Exchange Authority, said in a statement to BleepingComputer that some of the stolen data from DC Health Link was posted online and that notifications will be made to people affected.
“We can confirm reports that data for some DC Health Link customers has been exposed in a public forum. We have launched an extensive investigation and are working with forensic investigators and law enforcement.
At the same time, we take measures to ensure the security and privacy of users’ personal information. We are in the process of notifying affected customers and will provide identity and credit monitoring services.
In addition, and out of an abundance of caution, we will also offer credit monitoring services for all of our customers. The investigation is still ongoing and we will provide more information as we have more to share.”
Network Security Checklist – Download Free eBook
