iConstituent provides constituent outreach services for offices within Congress, which allows users to “easily connect with constituents, collaborate on casework, and manage all internal and external communications”.
But for several weeks, nearly 60 House offices, both Republican and Democrat, have been unable to access constituent information due to the ransomware attack, causing frustration among those impacted.
The situation has yet to be resolved.
Catherine Szpindor, chief administrative officer of the House, told Punchbowl News that there was no indication the ransomware attack involved a breach of the wider House IT systems when contacted for a statement.
“The Office of the Chief Administrative Officer was notified by iConstituent that their e-newsletter system was hit with a ransomware attack. iConstituent’s e-newsletter system is an external service available for House offices to purchase. At this time, the CAO is not aware of any impact to House data,” Mr Szpindor said.
“The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data,” she added.
Vendors impacted by the ransomware attack include House offices that represent constituents in Hawaii, Nevada, California, and Georgia, among other clients.
Whether iConstituent has paid a ransom to the hackers involved in the attack was not revealed.
The revelation comes one day after the Justice Department revealed that it recaptured a portion of the ransom Colonial Pipeline paid to DarkSide, a Russian hacking group, following the ransomware attack that took place in May.
The pipeline provides about 45 per cent of the fuel used on the East Coast, so the attack, which shut down the company for multiple days, caused a significant impact to the United States.
JBS, a large meat supplier in the country, was also hit with a ransomware attack.
The Justice Department has warned that other companies would experience ransomware attacks in the future and encouraged critical infrastructure agencies to implement proper cybersecurity measures to prevent these attacks.