Hackers Acquired and Sold Data of US House Members
Hackers have acquired the sensitive personal information of a number of Members of the US House, along with their employees and family members. The stolen data appears to already have been sold on the dark web, as reported by CBS News.
The data was obtained via a significant data breach at health insurance provider DC Health Link. This is the insurance provider offered to eligible Members and staffers of the House and Senate, raising concerns that lawmakers and their families could be among those affected.
The news first broke on Twitter by a reporter for the Daily Caller, who shared the official email sent to potentially affected Members and staff by the House's Chief Administrative Officer (CAO), Catherine Szpindor.
Within the email, Szpindor stated that the FBI told her that the data of hundreds of Members and House staff had been compromised. However, she went on to say that “it does not appear that Members of the House of Representatives were the specific targets of the attack.”
DC Health Link has confirmed that data on an unspecified number of customers were affected and said it was working to notify the affected customers and law enforcement. A hacker on an online crime forum claimed possession of the data of 170,000 DC Health Link customer data and as of Tuesday, has allegedly sold the information to an unknown buyer.
According to the broker selling the data, DC Health Link was breached on Monday. The broker account, named "thekilob", said they were acting on the seller's behalf and declined to provide evidence to back the hacker’s claims when contacted by the Associated Press. The dark web forum post included a screenshot of sensitive data, such as Social Security numbers, addresses, phone numbers, employer names, and email addresses.
The hack follows several recent breaches affecting US healthcare companies in the past year, including the Heritage Provider Network in California, which exposed the personal data of more than 3 million patients.