A DC healthcare insurance service has suffered a data breach resulting in the theft of personally identifiable information of hundreds of U.S. House members and staff, according to a CNN report. The breach has raised concerns about the security of sensitive personal data of government officials in the nation's capital.
According to House Chief Administrative Officer Catherine Szpindor, the FBI is currently investigating the "significant data breach" that occurred on Tuesday and may have affected hundreds of thousands of customers in the DC Health Link marketplace.
After the exploit, Kevin McCarthy, the Speaker of the House, and Hakeem Jeffries, the Minority Leader of the House, wrote to Mila Kofman, the director of the DC Health Benefit Exchange Authority, saying that the FBI had informed them that the stolen user data, including "names of spouses, dependent children, their social security numbers, and home addresses," was for sale on the dark web.
According to a statement released by DC Health Link, "data for some DC Health Link customers has been exposed on a public forum."
On Monday, what seems to be an ad for the compromised files for sale was posted to a dark web forum and data marketplace. On Tuesday, the status was changed to "sold" after the item had already been purchased.
Data breaches have become increasingly common in the U.S. due to several factors. One reason is the rise of digital technology and the widespread use of the internet, which has made it easier for hackers to gain unauthorized access to sensitive information.
The U.S. government has taken several measures to mitigate data breaches and improve cybersecurity. In 2015, President Obama signed an executive order to promote information sharing about cyber threats between the government and private sector, and to establish cybersecurity standards for critical infrastructure.
In 2018, the Trump administration launched a cybersecurity strategy that emphasized protecting government networks, critical infrastructure, and the public from cyber threats.
In addition, the government has established agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity and Communications Integration Center (NCCIC) to coordinate cybersecurity efforts and respond to cyber incidents.
The government has also enacted laws such as the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Information Sharing Act (CISA) to improve cybersecurity across federal agencies and encourage information sharing between the government and private sector.
Despite these efforts, data breaches continue to occur, and the government has faced criticism for its handling of cybersecurity. However, the government remains committed to improving cybersecurity and protecting sensitive information from cyber threats.
DC Health Link said that the investigation is still ongoing, and that they plan to provide more information as it comes.