The data breach occurred in March 2023 on DC Health Link known for serving members of the U.S. Congress and Washington D.C. residents.
A recent data breach is likely to affect hundreds of members of the US Congress as well as Capitol Hill staff after hackers stole personally identifiable information (PII) from DC Health Link, the online health insurance marketplace of the District of Columbia.
Hackread.com can confirm that a hacker has claimed to have leaked the stolen database on Breach Forums, a hacker forum that surfaced as an alternative to the popular and now-seized Raidforums.
In their post, the hacker stated that the data breach occurred in March 2023 on DC Health Link known for serving members of the U.S. Congress and Washington D.C. residents.
The hacker further stated that the total number of affected customers is around 55,000 including government staffers, politicians, members of the U.S. Congress and Senate and others. The database contains the following information:
- Full names
- Date of birth
- Phone numbers
- Race and Ethnicity
- Social Security Numbers
- Home and work email addresses
Hackread.com’s founder and editor, Waqas, has seen and analyzed the data, revealing that the database is actually a 29 MB CSV file with a large chunk of duplicate data, totalling details of almost 35,000 individuals.
DC Health Link has confirmed that data belonging to an unspecified number of customers has been affected by a security incident. The organization stated that it is currently working with law enforcement and notifying affected customers.
The FBI on the other hand has confirmed that they are investigating the matter and working with authorities to determine the scope of the breach and identify the responsible parties.
“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and of hundreds of Member and House staff were stolen,” Chief Administrative Officer Catherine L. Szpindor said.
The hackers may have also obtained sensitive health information, such as diagnoses and treatments; however, no such information has been leaked so far. The breach is particularly concerning given the sensitive nature of the data involved and the potential risks to the individuals affected.
Lawmakers and officials have expressed concern about the breach and the need for increased security measures to prevent similar incidents in the future. Some have called for greater investment in cybersecurity and stricter regulations to protect sensitive information. The FBI has urged anyone affected by the breach to monitor their personal information and report any suspicious activity.
Another Day, Another Data Breach in the U.S.
The latest data breach has hit both US government officials and unsuspecting victims, adding to the growing list of cyberattacks targeting the country. In February 2023, the FBI announced that it had investigated a “contained” data breach, and prior to that, hackers leaked the FBI security platform InfraGard’s database online.
In addition, the US Marshals Service was recently targeted in a ransomware attack. In January 2023, a security researcher discovered that the US no-fly list had been exposed to the public, and within days, the list was leaked on a hacker forum.
It is worth noting that a hacker and owner of Breach Forums was able to hack into the FBI’s email server and send a trove of emails with bogus threats.
- 52 Critical Orgs Hit by Ragnar Locker Gang – FBI
- US Govt’s secret terrorist watchlist exposed online
- Hackers Who Obtained CIA emails Breach FBI Servers
- Magecart skimming attack hits 8 US government sites