FBI Probes Serious Data Breach Potentially Affecting US Lawmakers
The FBI is investigating a major data breach affecting several members of the United States House of Representatives.
The accounts and sensitive data belonging to the lawmakers, and some House staffers, were exfiltrated from the servers of DC Health Link, the association that administrates health insurance for the House.
US House Chief Administrative Officer Catherine L. Szpindor notified individuals afflicted by the breach via email yesterday.
“DC Health Link suffered a significant data breach yesterday potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees,” reads Szpindor’s notification. “As a Member or employee eligible for health insurance through the DC Health Link, your data may have been comprised.”
Szpindor offered no details of the nature of the stolen information but said the attack likely did not target lawmakers specifically.
“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and Pll of hundreds of Members and House staff were stolen,” the message continues.
Reportedly, the perpetrators already tried to capitalize on the stolen data by listing heaps of it on a notorious hacking forum.
The information of roughly 17,000 individuals impacted by the breach was spotted in a stolen data sample on the forum. The sample held sensitive data such as names, addresses, dates of birth, home numbers, email addresses and Social Security Numbers.
To make matters worse, IntelBroker, the threat actor offering to sell the data, claims that at least one party has bought it. Adam Hudson, the public information officer for Health Benefit Exchange Authority, confirmed in a statement to BleepingComputer that some of the stolen data has been leaked online and that impacted parties will be notified.