Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Letter from US Congress asks insurance marketplace, ‘how badly have we been hacked?’

The speaker of the United States House of Representatives and its Democratic leader have sent a remarkable letter to a health insurance marketplace, informing them of a data breach and asking the organisation to investigate the extent of the hack.

user icon David Hollingworth
Fri, 10 Mar 2023
Letter from US Congress asks insurance marketplace, ‘how badly have we been hacked?’
expand image

The letter, dated 8 March, is co-signed by both Kevin McCarthy, the Republican speaker, and Hakeem Jeffries, his Democrat counterpart.

According to the letter, the United States Capitol Police informed Congress that the DC Health Benefit Exchange Authority had suffered a data breach and that the FBI confirmed the hack — by actually purchasing the data on the dark web.

DC Health Link has said it is aware of the attack and is in the process of notifying its customers, as well as providing protection against identity theft.

============
============

“At this moment, the cause, size and scope of the data breach affecting DC Health Link could not be determined by the FBI,” the letter read. “Thousands of House members and employees from across the United States have enrolled in health insurance through DC Health Link for themselves and their families since 2014.”

“The size and scope of impacted House customers could be extraordinary.”

The DC Health Benefit Exchange Authority, by its own reporting, provides insurance to “approximately 11,000 designated congressional staff and members of Congress” and 100,000 Washington DC residents.

In a message sent to House members, the two House leaders called the incident “an egregious security breach”.

In a post on a hacking forum, a user by the name of IntelBroker has claimed responsibility for the hack and is selling the data — which appears to include a large amount of personal information, including social security numbers.

However, according to the Associated Press (AP), someone else is also claiming responsibility, saying that they have 55,000 sets of data. The hacker, called thekilob, then said: “Glory to Russia”. The AP has seen this data and confirmed it with two of the apparent victims.

“There was no indication the DC Health breach was ransomware-related,” the AP reported.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.