Thursday, April 18, 2024

U.S. House and Senate members Data Hacked, Offered for Sale

The breach of a Washington, DC, health insurance marketplace may have allowed hackers’ access to members of the House and Senate’s sensitive personal information, it was revealed on Wednesday. The lawmakers’ staff members and their families also suffered.

DC Health Link is the organization in charge of administering the health care plans of members of the United States House of Representatives, their staff, and their families.

“DC Health Link suffered a significant data breach yesterday potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through D.C. Health Link, your data may have been comprised,” said Catherine L. Szpindor, the U.S. House Chief Administrative Officer.

Individuals affected were notified of the breach today via email from Catherine L. Szpindor, as first reported by DailyCaller.

“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and Pit of hundreds of Mernber and House staff were stolen”, said Szpindor.

“It is important to note that at this time, it does not appear that Members or the House of Representatives were the specific targets of the attack.”

Selling Information Stolen From DC Health Servers

The information about U.S. House members that were taken from the servers of DC Health Link is being sold on a hacking forum by at least one threat actor, known as IntelBroker, according to BleepingComputer.

Notably, the House CAO Szpindor’s email doesn’t mention the data that was stolen. Over 170,000 people were affected, and a sample of the stolen data with the database header reveals that it contains all of their personal information, including names, dates of birth, residences, phone numbers, email addresses, Social Security numbers, and more.

Whole List of Stolen Information (BleepingComputer)

On Monday, March 6, the data was put up for sale, and IntelBroker alleges that it was stolen as a result of a hack into the Health Benefit Exchange Authority.

“I am looking for an undisclosed amount in XMR cryptocurrency. Contact me on keybase @ IntelBroker. Middleman only,” says the threat actor.

U.S. House members' data up for sale
U.S. House members’ data up for sale

Adam Hudson, the Public Information Officer for Health Benefit Exchange Authority, stated that some of the stolen data from DC Health Link were posted online and that notifications will be given to people affected in a statement to BleepingComputer.

“We can confirm reports that data for some DC Health Link customers have been exposed on a public forum. We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement. 

Concurrently, we are taking action to ensure the security and privacy of our users’ personal information.  We are in the process of notifying impacted customers and will provide identity and credit monitoring services. 

In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers. The investigation is still ongoing and we will provide more information as we have more to share.”

Network Security Checklist – Download Free E-Book


Latest articles

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles