Cybercrime , Fraud Management & Cybercrime
Target Does Not Appear to Have Deliberately Targeted Members of Congress David Perera (@daveperera) • March 8, 2023 The U.S. Capitol at night (Image: Shutterstock)
A hacker has been selling data stolen from an online health insurance marketplace used by members of Congress and residents of Washington, D.C.
See Also: OnDemand | Navigating the Difficulties of Patching OT
Leaders of the House of Representatives in a memo said the data pertains to “numerous” lawmakers as well as spouses, dependents and employees in both major American political parties. Data of senators and their staffs were also compromised. Congressional leaders say the cause, size and full scope of the breach is not yet known. The FBI investigating.
A spokesman for the online insurance marketplace, DC Health Link, confirmed to Information Security Media Group that customer information was exposed on a public forum.
Federal investigators were able to purchase stolen congressional data on a dark web criminal forum, House Speaker Kevin McCarthy and House Democratic Caucus Leader Hakeem Jeffries said in a widely reported letter to the marketplace’s executive director posted online by Axios.
A letter from the House Chief Administrative Office distributed to House offices states the hack does not appear to have targeted lawmakers. A Senate memo reported by NBC states that compromised data included “full names, date of enrollment, relationship (self, spouse, child), and email address, but no other personally identifiable information.”
“This breach significantly increases the risk that members, staff, and their families will experience identity theft, financial crimes, and physical threats – already an ongoing concern,” wrote McCarthy and Jeffries in their letter to DC Health Link. It does not appear, they added, that the hackers were initially aware of the sensitivity of the data they obtained. “This will certainty change as media reports more widely publicize the breach.”
The insurance marketplace serves nearly 100,000 people including approximately 11,000 members of Congress and staffers. Republican lawmakers inserted into the 2010 law establishing the nationwide health insurance program known as Obamacare a requirement that lawmakers and staff in their personal offices obtain health insurance through the Washington marketplace.
Customers of DC Health Link will receive credit monitoring services, said spokesman Adam Hudson.
