The online health insurance market for members of Congress and residents of Washington, DC, has been subjected to a hack that has compromised the personal identification information of potentially thousands of lawmakers, their spouses, dependents and employees, according to a letter from Speakers of the House of Representatives, in in which they informed their colleagues of the violation and a memo from the top Senate security official.
Capitol Police and the Federal Bureau of Investigation briefed Speaker Kevin McCarthy, California Republican, and Rep. Hakeem Jeffries, New York Democrat and minority leader, of the attack on the DC Health Link marketplace. Federal investigators were able to obtain personal information about members of Congress and their families on the dark web as a result of the violation, the letter said.
“Right now, our top priority is protecting the safety of everyone in the Capitol Hill community affected by the cyber hack,” Mr. McCarthy and Mr. Jeffries wrote on Wednesday, calling the incident a “egregious security breach.”
“The Office of the Chief Administrative Officer will be in touch with key resources, including credit and identity theft monitoring services, which we strongly encourage you to utilize,” lawmakers wrote.
The data of senators and their staff was also compromised, according to an internal memo from the Senate Sergeant-at-Arms. That memo said the compromised data included “full names, date of registration, relationship (self, spouse, child), and email address, but no other personally identifiable information.”
The cause, magnitude and scope of the data breach affecting DC Health Link were not immediately known, according to House Speakers, who wrote that they were “continually briefed on the matter” by the police and FBI
But the online health insurance market serves about 11,000 members of Congress and their staff and nearly 100,000 people overall.
“This breach significantly increases the risk of members, employees and their families suffering from identity theft, financial crime and physical threats – already an ongoing problem,” wrote Mr. McCarthy and Mr. Jeffries. “Fortunately, those selling the information appear unaware of the high sensitivity of the confidential information they hold and their relationship to members of Congress. This will certainly change as media reports spread the word about the breach.”
House leaders are now demanding answers from Mila Kofman, director of the DC Health Benefit Exchange Authority, a public-private partnership responsible for the District of Columbia’s online health insurance market. Mr McCarthy and Mr Jeffries sent a series of pointed questions to Ms Kofman on Wednesday.
These included reasons why the insurance market had not officially warned people whose data had been compromised; what specific subscriber information was stolen; and how many lawmakers were affected.
In a statement Wednesday night, Adam Hudson, a spokesman for the agency, confirmed the breach and said that “data from some of DC Health Link’s customers has been disclosed in a public forum.”
Mr Hudson said the agency had launched an investigation.
“At the same time, we take steps to ensure the security and confidentiality of our users’ personal information,” said Mr. Hudson. “We are in the process of notifying affected customers and will provide identity and credit monitoring services.”