Sensitive information about U.S. House members and staff is being sold
The health data and other sensitive personal information of U.S. House members and staff have been stolen and are being sold on the dark web. Catherine L. Szpindor, the U.S. House Chief Administrative Officer, has notified all affected individuals via email that there has been a significant data breach at DC Health Link, which may have exposed the personal identity information of thousands of policyholders.
These data were originally stored on servers operated by DC Health Link, which is responsible for managing healthcare insurance plans for U.S. congressmen, their families, and staff members. Adam Hudson, the Public Information Officer for the Health Benefit Exchange Authority, confirmed in a statement that the server had been hacked and that some of the stolen DC Health Link data had been exposed online.
The FBI has reportedly been called in to investigate the hack, and House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries have requested more information regarding the attack, such as when affected congressmen, staff members, and their families were notified and what services will be provided (such as credit monitoring). They have also asked what specific data was stolen, what measures have been taken to prevent future breaches, and what measures are being taken to mitigate losses.
According to the hacker’s post, the stolen data contained information on about 170,000 affected individuals, including their names, relationships (spouses, children), dates of birth, addresses, email addresses, phone numbers, and social security numbers. This dataset has been on sale on a hacker forum since March 6th and reportedly has buyers.
In recent years, healthcare institutions have been increasingly targeted by cyber attacks, mainly because they hold a large amount of personal identity and health data of doctors, staff members, and patients. According to Check Point’s report, the number of global cyber attacks in 2022 increased by 38% compared to the previous year, with healthcare, education/research, and government being the top three industries favored by attackers.
Via: BleepingComputer