At least 60 members of Congress, both Democrats and Republicans, have been unable to access their constituent data for weeks after they were targeted in a recent ransomware attack, reports first revealed Tuesday.
The ransomware attack targeted iConstituent, a tech vendor used by dozens of House offices that enables lawmakers to provide constituent outreach, the Daily Mail reported. The vendor’s website says it keeps a “database of over 200M constituents and mobile phones” and its Constituent Engagement Platform and “identify and segment groups of constituents based on their interests, engagements, or concerns.”
Sen. Rob Portman later confirmed during a Senate Homeland Security and Governmental Affairs Committee ransomware hearing on Tuesday, “Just this morning news broke that a constituent outreach services platform that nearly 60 offices in the United States Congress, the House of Representatives, uses was hit with a ransomware attack. As I’ve said before no one is safe from these attacks — including us.”
It is unclear which lawmakers in particular were affected by the cyber attack and the extent of the constituent data compromised.
The Office of the Chief Administrative Officer (CAO), which oversees IT security for the House of Representatives, told the Daily Mail, there was “no impact” on the overall security of House data and the CAO’s office is working with the vendor to resolve the situation.
“‘At this time, the CAO is not aware of any impact to House data. The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data,” the CAO’s office said.
The hack of Congressional constituent data was first reported to Punchbowl News, a membership-based political news site. Rep. Rodney Davis (R-IL), the top Republican on the House Administration Committee, told the publication he “understands there is some frustration at the vendor in question here,” iConstituent. Several lawmakers have paid thousands to iConstituent for its services, according to the latest House disbursements statement.
It is unclear who is responsible for the latest ransomware attack amid a series of hacks that have targeted U.S. government offices in recent months.
Russian hackers have been suspected of other recent cyberattacks, including the hack on SolarWinds software products used by numerous government offices and the recent ransomware attack against Colonial Pipeline, which forced the major gas supplier to shut down its entire east coast pipeline for days.
Secretary of State Tony Blinken said Russian President Vladimir Putin will have to answer for Russian involvement in recent ransomware attacks when he and President Joe Biden meet face-to-face in Geneva, Switzerland next week.
“When it comes to these ransomware attacks, of course, we’ve already talked to the Russians about this,” Blinken said in an interview with Axios this weekend. “One of the things we’re seeing is that criminal enterprises seem to be engaged in these attacks. And it is an obligation on the part of any country, including Russia, if it has a criminal enterprise acting from its territory against anyone else, to do what’s necessary to stop it, to bring it to justice.”
Blinken said one of the reasons Biden chose to meet with Putin was to directly discuss the ransomware attacks “to tell him directly and clearly what he can expect from the United States if aggressive, reckless actions toward us continue.”