A DC healthcare insurance provider suffered a breach that exposed the personally identifiable information of hundreds of US House members and staff.
The "significant data breach," which happened on Tuesday and may have affected thousands of DC Health Link customers, is already being looked into by the FBI.
The Potentially Compromised Individuals Have Now Been Notified
The FBI is investigating a data breach that affected members and staff of the US Congress after their accounts and sensitive personal data were stolen from the servers of DC Health Link.
US House members, their employees, and their families' health insurance coverage are managed by DC Health Link, Bleeping Computer notes.
"It is important to note that at this time, it does not appear that Members or the House of Representatives were the specific target of the attack," House Chief Administrative Officer Catherine Szpindor writes.
Data for a few DC Health Link users have been made public, the company has acknowledged in a statement, which it has addressed immediately.
The company says that it has already started a thorough investigation and is taking steps to protect the security and privacy of user data while collaborating with forensic investigators and law enforcement.
Additionally, it has been reported that the impacted individuals from the breached information have now been informed in an email from Szpindor.
"Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and Pit of hundreds of members and House staff were stolen," she also notes.
In a statement, the FBI said that while it is aware of the occurrence and is offering assistance, it does not currently have any additional information to share due to the continuing nature of the investigation, CNN Politics reports.
Read More: US Marshals Service Suffers Ransomware Attack, Sensitive Law Enforcement Data Compromised
The Breach Has Grown To Be A Serious Problem
According to a tweet from the Republicans on the Committee on House Administration, Chairman Bryan Steil is aware of the security hole and is coordinating with Szpindor.
This is to make sure the vendor takes the necessary precautions to protect the personally identifiable data of any affected members, staff members, and their families.
Bleeping Computer, however, found that at least one hacker going by the name of IntelBroker is offering the names of US House members who have been compromised on a hacking forum.
New York's Democratic Rep. Joe Morelle claims that the data breach is heinous and that the FBI found out about it since the material ended up on the dark web.
Approximately 170,000 people are affected, and a sample of the stolen data with the database header reveals that it contains information on significant individuals.
This includes their names, dates of birth, residences, email addresses, phone numbers, Social Security Numbers, and more.
On Monday, March 6, the data was put up for sale, which IntelBroker alleges was stolen as a result of a hack into the DC.gov Health Benefit Exchange Authority.
Congress needs to figure out how to devote more resources so individuals who work with the government can better protect this type of material, in addition to looking into what happened.
According to a CAO spokesperson, the company is deeply concerned about the breach's impact on individuals, which is why it will continue to provide updates from law enforcement to impacted members and staff, CNN Politics writes.
Related Article: Chick-fil-A Reveals That A Months-Long Automated Attack Has Compromised Customer Accounts
