U.S. House and Senate members Data Hacked, Offered for Sale

The breach of a Washington, DC, health insurance marketplace may have allowed hackers’ access to members of the House and Senate’s sensitive personal information, it was revealed on Wednesday. The lawmakers’ staff members and their families also suffered.

DC Health Link is the organization in charge of administering the health care plans of members of the United States House of Representatives, their staff, and their families.

“DC Health Link suffered a significant data breach yesterday potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through D.C. Health Link, your data may have been comprised,” said Catherine L. Szpindor, the U.S. House Chief Administrative Officer.

Individuals affected were notified of the breach today via email from Catherine L. Szpindor, as first reported by DailyCaller.

“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and Pit of hundreds of Mernber and House staff were stolen”, said Szpindor.

“It is important to note that at this time, it does not appear that Members or the House of Representatives were the specific targets of the attack.”

Selling Information Stolen From DC Health Servers

The information about U.S. House members that were taken from the servers of DC Health Link is being sold on a hacking forum by at least one threat actor, known as IntelBroker, according to BleepingComputer.

Notably, the House CAO Szpindor’s email doesn’t mention the data that was stolen. Over 170,000 people were affected, and a sample of the stolen data with the database header reveals that it contains all of their personal information, including names, dates of birth, residences, phone numbers, email addresses, Social Security numbers, and more.

Whole List of Stolen Information (BleepingComputer)

On Monday, March 6, the data was put up for sale, and IntelBroker alleges that it was stolen as a result of a hack into the DC.gov Health Benefit Exchange Authority.

“I am looking for an undisclosed amount in XMR cryptocurrency. Contact me on keybase @ IntelBroker. Middleman only,” says the threat actor.

U.S. House members’ data up for sale

Adam Hudson, the Public Information Officer for Health Benefit Exchange Authority, stated that some of the stolen data from DC Health Link were posted online and that notifications will be given to people affected in a statement to BleepingComputer.

“We can confirm reports that data for some DC Health Link customers have been exposed on a public forum. We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement. 

Concurrently, we are taking action to ensure the security and privacy of our users’ personal information.  We are in the process of notifying impacted customers and will provide identity and credit monitoring services. 

In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers. The investigation is still ongoing and we will provide more information as we have more to share.”

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

56 minutes ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

2 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

2 hours ago

Massive Credit Card Leak, Database of 1,221,551 Cards Circulating on Dark Web

A massive data breach has sent shockwaves across the globe, as a database containing sensitive…

4 hours ago

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

2 days ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

3 days ago