A major data breach exposed the personal information of several hundred lawmakers and staffers in both the House and Senate, officials announced on Wednesday.
The breach of DC Health Link involved personal identifying information of those who had signed up for accounts on the service, which handles electronic health records.
“Speaker McCarthy and Democratic Leader Jeffries have formally requested additional information from DC Health Link on what data was taken, who was impacted and what steps they are taking — including providing monitoring protections — to protect House victims of this breach,” the House chief administrative officer said in an email.
The FBI is investigating, and has advised members to freeze their credit with Experian, TransUnion and Equifax as a precaution.
“It is important to note that at this time, it does not appear that Members of the House of Representatives were the specific target of the attack,” the chief administrative officer of that chamber said, and a similar message went out to members of the Senate.
In the Senate, it appears that only names of the members, staffers and their family members were revealed in the breach.
Chairman of the House Administration Committee Bryan Steil (R-WI) is working with the FBI and CAO to handle the breach and protect the information of the members.
House Speaker Kevin McCarthy (R-CA) and House Minority Leader Hakeem Jeffries (D-NY) said in a letter requesting more information that the breach could also involve family members of the congressional members and staffers.
“We write on a bipartisan basis concerning an egregious security breach within DC Health Link’s insurance marketplace, which has compromised the personal information of numerous House Members, spouses, dependents, and employees in both parties,” the letter said.
McCarthy and Jeffries letter:
“We write on a bipartisan basis concerning an egregious security breach within DC Health Link’s insurance marketplace, which has compromised the personal information of numerous House Members, spouses, dependents and employees in both parties.” https://t.co/wdBcAzo6Dz pic.twitter.com/IOshnHahfI
— Max Cohen (@maxpcohen) March 8, 2023
DC Health Link responds
“We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement,” DC Health Link said in an email. “Concurrently, we are taking action to ensure the security and privacy of our users’ personal information.”
The breach was discovered when a broker for a seller on an online crime forum offered to sell 170,000 DC Health Link customers’ records, the Associated Press reported. The AP could not confirm that the seller actually had the data or whether it had been sold.
Some lawmakers have already had their personal information exposed by some on the left who doxed them when they did something to make them angry.
Keeping personal information private has become more challenging in an age of cybersecurity breaches and the ubiquity of data in the modern age.