The personal data of House members and staff was compromised due to a recently uncovered breach of health care group DC Health Link.
Now that data is being sold on the dark web.
House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries sent out an email describing an “egregious security breach within DC Health Link’s insurance marketplace.”
The leaders noted the breach “compromised the personal information of numerous House Members, spouses, dependents and employees in both parties,” but they did not identify affected members.
In an internal memo sent to U.S. House staffers, House Chief Administrative Officer Catherine L. Szpindor informed recipients of the “significant data breach,” which potentially exposed the personally identifiable information (PII) of thousands of employees, and warned them that their data may have been compromised.
While the internal memo states that the size and scope of the breach are unknown, the FBI confirmed that account information and PII belonging to House members and staff were stolen, but it does not appear that they were specifically targeted in the cyberattack.
The FBI also said that while they believe the individuals selling the stolen information did not seem to be aware of its “high-level sensitivity” at the time, continued publicizing of the event would “certainly change” that.
The breach will likely raise concerns on Capitol Hill even higher around threats from cyberattacks.
It’s an issue that has come to the forefront due to high-profile ransomware attacks in recent years and a ramp-up of Russian cyber threats due to the war in Ukraine.
The House Administration Committee, which has jurisdiction over the internal procedures of the House, is also stepping in to investigate.
In a statement, the FBI said it was “aware of this incident and is assisting. As this is an ongoing investigation, we do not have any additional information to provide at this time.”
Be the first to comment