Lawmakers were informed on Wednesday, March 8, that their sensitive personal data and that of their family members and employees may have been exposed during a breach of the Washington, D.C. health insurance marketplace, according to a report by AP.
While DC Health Link confirmed that the number of customers affected is unknown, it is notifying those impacted and collaborating with law enforcement. All customers are being offered identity theft services and credit monitoring. The FBI is also aiding in the investigation.
170,000 Customers
An online criminal forum's broker claimed that records of 170,000 DC Health Link customers were obtained and were being offered for sale at an unspecified price. The broker stated that the records were stolen on Monday. Although reached by AP through an encrypted chat site, the broker could not provide additional information to back their claim or confirm if the records had been sold.
The broker acted on behalf of the seller, referred to as "thekilob." The forum provided a sample of stolen data, including social security numbers, addresses, phone numbers, email addresses, and employer names of twelve apparent customers. AP reported that they were able to reach one of the customers via a phone number in the data.
All Senate email account holders were notified of the stolen data that included not only the full names of the insured but also their family members.
The sergeant at arms sent an email to all account holders to relay the information. Similarly, an email from the office of the Chief Administrative Officer of the House was sent on behalf of House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries, branding the breach as "egregious."
The email further guaranteed updates and asked members to take advantage of credit and identity theft monitoring resources.
Freeze Credit
The Senate email went further to advise that all health insurance exchange registrants freeze their credit to curtail identity theft. Rep. Joe Morelle of New York also stated in an email that Capitol Police informed the House leadership of the significant data breach of enrollee information that poses a great risk to members, employees, and their family members.
He added that the cause, size, and scope of the data breach are still being determined by the FBI.
This latest hack comes amid several recent breaches that have affected multiple US agencies. Recently, hackers broke into a US Marshals Service computer system and activated ransomware on February 17 after obtaining personally identifiable information about agency employees and individuals under investigation.
These attacks indicate the severity of cyber threats to agencies and their employees, highlighting the need for continued vigilance and the adoption of stronger security measures.