Members of the House and their staff were told this week that their sensitive personal information was exposed after a data breach at the Washington, D.C., health insurance marketplace.
“DC Health Link suffered a significant data breach,” Catherine L. Szpindor, the Chief Administrative Officer of the House of Representatives wrote in a letter to colleagues. She said that while she did not have information on the size and scope of the breach, the FBI had informed her that data on hundreds of lawmakers and staff had been stolen.
It did not appear that lawmakers were the specific target of the breach, Szpindor said. Speaker Kevin McCarthy (R-Calif.) and Democratic leader Hakeem Jeffries (D-N.Y.) have asked DC Health Link to provide further information, she added.
Senators and their staff were also affected by the breach, but it did not appear that data beyond their names and those of their family was exposed, the Associated Press reported.
The FBI told McCarthy and Jeffries that law enforcement officials found they could buy sensitive personal information from DC Health Link on the dark web, according to a letter sent by House leadership to the marketplace, “including names of spouses, dependent children, their social security numbers, and home addresses.”
“We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement,” DC Health Link said in an email. “Concurrently, we are taking action to ensure the security and privacy of our users’ personal information.”
A broker on an online crime forum claimed to have records on 170,000 DC Health Link customers and was offering to sell the data, the AP reported. It was not able to verify the broker’s claim.