The FBI is investigating a knowledge breach affecting U.S. House of Representatives members and workers after their account and delicate private info was stolen from DC Health Link’s servers.
DC Health Link is the group that administers the well being care plans of U.S. House members, their workers, and their households.
Impacted people have been notified in the present day of the breach in an electronic mail from Catherine L. Szpindor, the U.S. House Chief Administrative Officer, as first reported by DailyCaller.
“DC Health Link suffered a major information breach yesterday probably exposing the Personal Identifiable Information (PII) of 1000’s of enrollees. As a Member or worker eligible for medical insurance by means of the D.C. Health Link, your information might have been comprised,” Szpindor stated.
“Currently, I have no idea the dimensions and scope of the breach, however have been knowledgeable by the Federal Bureau of Investigation (FBI) that account info and Pit of a whole lot of Mernber and House workers have been stolen.
“It is necessary to notice that right now, it doesn’t seem that Members or the House of Representatives have been the precise goal of the assault.”
Stolen information already up on the market on-line
While the e-mail despatched by House CAO Szpindor would not have any particulars relating to the stolen information, BleepingComputer found that a minimum of one risk actor (often known as IntelBroker) is promoting the U.S. House members’ info stolen from DC Health Link’s servers on a hacking discussion board.
A pattern of stolen information with the database header reveals it accommodates the data of roughly 170,000 affected people, together with their names, dates of beginning, addresses, electronic mail addresses, telephone numbers, Social Security Numbers, and way more (the complete record is accessible beneath).
Subscriber ID,Member ID,Policy ID,Status,First Name,Last Name,SSN,DOB,Gender,Relationship,Benefit Type,Plan Name,HIOS ID,Plan Metal Level,Carrier Name,Premium Amount,Premium Total,Policy APTC,Policy Employer Contribution,Coverage Start,Coverage End,Employer Name,Employer DBA,Employer FEIN,Employer HBX ID,Home Address,Mailing Address,Work Email,Home Email,Phone Number,Broker,Race,Ethnicity,Citizen Status,Plan Year Start,Plan Year End,Plan Year StatusThe information was posted on the market on Monday, March 6, and IntelBroker claims it was stolen after breaching the DC.gov Health Benefit Exchange Authority.
“I’m in search of undisclosed quantity in XMR crypto foreign money. Contact me on keybase @ IntelBroker. Middleman solely,” the risk actor says.
The risk actor additionally claims that the stolen info has already been offered to a minimum of one purchaser.
Update 6:24 PM ET:
In a press release to BleepingComputer, Adam Hudson, the Public Information Officer for Health Benefit Exchange Authority, confirmed that a few of stolen DC Health Link information was uncovered on-line and that notifications might be despatched to these affected.
“We can verify stories that information for some DC Health Link clients has been uncovered on a public discussion board. We have initiated a complete investigation and are working with forensic investigators and regulation enforcement. Concurrently, we’re taking motion to make sure the safety and privateness of our customers’ private info. We are within the technique of notifying impacted clients and can present identification and credit score monitoring companies. In addition, and out of an abundance of warning, we can even present credit score monitoring companies for all of our clients. The investigation remains to be ongoing and we’ll present extra info as we have now extra to share.”