Members of Congress may have had their personal data exposed in the dark web following a massive hit to health insurance marketplace DC Health Link.
A letter penned by House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries warned that the impact of the breach “could be extraordinary,” placing lawmakers, their employees, and families at risk of identity theft, financial crimes, and physical threats.
Addressing the executive director of DC Health Benefit Exchange Authority, McCarty and Hakeem outlined that thousands of House members, employees, and their families have enrolled in health insurance through DC Health Link, indicating that the full size and scope of the breach could be significant.
The letter also confirmed that the FBI has been investigating the incident and has been able to determine that the stolen data was made available for purchase in the dark web.
.@SpeakerMcCarthy & Minority Leader Jeffries' letter regarding the DC Health Link data breach: pic.twitter.com/v6H3VtdGX4
— Mark Bednar (@MarkBednar) March 9, 2023
Some cybercriminals have already claimed responsibility for the hack, according to a report by the Associated Press, with one hacker boasting that he had stolen more than 55,000 records and exclaiming “Glory to Russia” in Cyrillic.
An internal memo sent to House staff obtained by NPR recommended the use of credit and identity theft monitoring resources. A similar memo sent out to all Senate email account holders said that anyone registered on the health insurance exchange should freeze their credit to prevent identity theft.
In response to the breach, DC Health Link said that it has “initiated a comprehensive investigation” with the help of forensic investigators and law enforcement.
“Concurrently, we are taking action to ensure the security and privacy of our users’ personal information. We are in the process of notifying impacted customers and will provide identity and credit monitoring services,” DC Health Link said in a statement. “In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers.”
A cyber threats index by the insurer Coalition revealed that 94% of organizations had at least one unencrypted service exposed to the internet in 2022. It also predicted a 13% increase in the number of new cyber vulnerabilities and exposures per month for 2023.