Health data breach hitting Congress 'could be extraordinary'

FILE - People walk outside the U.S. Capitol building in Washington on June 9, 2022. Members of the House and Senate were informed Wednesday, March 8, 2023, that hackers may have gained access to their sensitive personal data in a breach of a Washington, D.C., health insurance marketplace. (AP Photo/Patrick Semansky, File) (ASSOCIATED PRESS)
LISA MASCARO and FRANK BAJAK

WASHINGTON (AP) — House leaders say the impact of a hack of a health insurance marketplace used by members of Congress “could be extraordinary,” exposing sensitive personal data of lawmakers, their employees and families.

DC Health Link, which runs the exchange, said an unspecified number of customers were affected and it was notifying them and working with law enforcement to quantify the damage. It said it was offering identity theft service to those affected and extending credit monitoring to all customers.

Some 11,000 of the exchange’s more than 100,000 participants work in the House and Senate or are relatives.

In a letter to the exchange's director posted on Twitter, House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries said the breach “significantly increase the risk that Members, staff and their families will experience identity theft, financial crimes, and physical threats.”

They said the FBI had informed them that it was able to purchase the stolen data on the dark web, where it was offered for sale for an unspecified amount Monday on a hacker forum popular with cybercriminals.

The FBI said in a brief statement Wednesday evening that it was aware of the incident and was assisting.

In the letter, McCarthy and Jeffries said “the individuals selling the information appear unaware of the high-level sensitivity of the confidential information in their possession, and its relation to Members of Congress” but that would change as media reports publicized the breach.

They said the FBI had not yet determined the extent of the breach but that thousands of House members, employees and their families have enrolled in health insurance through DC Health Link since 2014. “The size and scope of impacted House customers could be extraordinary.”

It was not clear whether and how the FBI could guarantee that copies of the stolen data are not circulating in the cybercrime underworld.

In the sale offer, a broker on the online crime forum claimed to have records on 170,000 DC Health Link customers and said they were stolen Monday. Reached on Wednesday via encrypted chat, the broker said they were acting on behalf of a seller known as “thekilob.”

By Thursday, the offer and sample stolen data posted to the forum had been removed. The data listed Social Security numbers, addresses, names of employers, phone numbers, emails and addresses for a dozen DC Link participants. The AP reached one by phone on Wednesday evening.

“Oh my God,” the man said when informed the information was public. All 12 people listed work for the same company or are family members.

In an email to all Senate email account holders on Wednesday, the sergeant at arms recommended that anyone registered on the health insurance exchange freeze their credit to prevent identity theft.

An email sent out by the office of the Chief Administrative Officer of the House on behalf of McCarthy and Jeffries called the breach “egregious” and urged members to use credit and identity theft monitoring resources.

In an emailed statement on Wednesday, Rep. Joe Morelle of New York said House leadership was informed by Capitol Police that DC Health Link “suffered an extraordinarily large data breach of enrollee information” that posed a “great risk” to members, employees and their family members. He said the FBI was still determining the “cause, size, and scope of the data breach.”

The hack follows several recent breaches affecting U.S. agencies. Hackers broke into a U.S. Marshals Service computer system and activated ransomware on Feb. 17 after stealing personally identifiable data about agency employees and targets of investigations.

An FBI computer system was recently breached at the bureau's New York field office, CNN reported in mid-February. Asked about that intrusion, the FBI issued a statement calling it “an isolated incident that has been contained.” It declined further comment, including when it occurred and whether ransomware was involved.

There was no indication the DC Health breach was ransomware-related.

___

Bajak reported from Boston.
