A top health insurance marketplace in Washington, D.C., known as D.C. Health Link, was significantly hacked and has potentially exposed the personal identifiable information of hundreds of Congressional lawmakers and staff and thousands of former lawmakers and staff.
The breach occurred on Tuesday, and the U.S. Capitol Police and the FBI were alerted by Wednesday.
The Chief Administrative Officer, Catherine L. Szpindor, confirmed in a letter obtained by NBC News that personally identifiable information and account information of hundreds of House members and House staff were stolen.
While the size and scope of the entire breach is not yet known, tech reporting website Bleeping Computer first reported that the information for 170,000 Health Link customers including names, birthdays, spouses, and Social Security numbers is already for sale on the dark web and the seller is requesting cryptocurrency for payment.
The authenticity of the personal data has not been verified.
The Senate offices have also been affected in the Congressmembers hack, with an email sent to them on Wednesday stating that the data included full names, date of enrollment, relationship, and email address.
D.C. Health Link has launched an investigation into the breach, and the spokesperson said that they were taking action to ensure the security and privacy of users’ personal information. Credit monitoring services were also provided for all affected customers.
The Capitol Police and the FBI are investigating the ongoing breach.
According to the letter, House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries have requested additional information from D.C. Health Link on what data was taken, who was impacted, and what steps they are taking to protect the House victims of this breach.
In the letter, they cautioned that the potential consequences of the breach could be significant, given that D.C. Health Link has been used by thousands of congressional members and employees since 2014.
The breach is a significant cause for concern, especially as lawmakers’ personal information was stolen. The breach could potentially impact their work as cybercriminals could use the stolen data to blackmail them, cause harm, or gain access to sensitive information.
Read More: Tom Cruise Shooting ‘Mission: Impossible 8’ on U.S. Aircraft Carrier Off Italian Coast
Data breaches have become a common occurrence, and the COVID-19 pandemic has only made things worse. With many people working from home and using their devices, cybercriminals have been able to exploit vulnerabilities and steal data.