Hackers Sell US Lawmaker Data Stolen From Insurance MarketHack Does Not Appear to Have Deliberately Targeted Members of Congress
Hackers have been selling data stolen from an online health insurance marketplace used by members of Congress and residents of Washington, D.C.
Leaders of the House of Representatives in a memo said the data pertains to "numerous" lawmakers -as well as their spouses, dependents and employees - in both major American political parties. Data of senators and their staffs were also compromised. Congressional leaders say the cause, size and full scope of the breach is not yet known. The FBI is investigating.
A spokesman for the online insurance marketplace DC Health Link confirmed to Information Security Media Group that customer information had been exposed on a public forum.
Federal investigators were able to purchase stolen congressional data on a dark web criminal forum, House Speaker Kevin McCarthy and House Democratic Caucus Leader Hakeem Jeffries said in a widely reported letter to the marketplace's executive director posted online by Axios.
A letter from the House Chief Administrative Officer distributed to House offices says the hack does not appear to have targeted lawmakers. A Senate memo reported by NBC states that compromised data included "full names, date of enrollment, relationship (self, spouse, child), and email address, but no other personally identifiable information."
"This breach significantly increases the risk that members, staff, and their families will experience identity theft, financial crimes, and physical threats - already an ongoing concern,” wrote McCarthy and Jeffries in their letter to DC Health Link. It does not appear, they added, that the hackers were initially aware of the sensitivity of the data they obtained. "This will certainly change as media reports more widely publicize the breach," the letter says.
The insurance marketplace serves nearly 100,000 people, including approximately 11,000 members of Congress and staffers. Republican lawmakers inserted into the 2010 law establishing the nationwide health insurance program the Affordable Care Act a requirement that lawmakers and staff in their personal offices obtain health insurance through the Washington marketplace.
Customers of DC Health Link will receive credit monitoring services, said spokesman Adam Hudson.