by WASHINGTON — A senior House official said a “significant data breach” in the Washington, DC, health insurance marketplace on Tuesday potentially exposed personally identifiable information on hundreds of lawmakers and staff.
In a letter obtained by NBC News, Managing Director Catherine L. Szpindor said Wednesday that she was alerted by the US Capitol Police and the FBI to a data breach at DC Health Link, the online marketplace for the Law of Affordable Care that manages health care plans for members. of Congress and certain Capitol Hill personnel.
“Currently, I do not know the size and scope of the breach, but the Federal Bureau of Investigation (FBI) has informed me that the account information and [personally identifiable information] Hundreds of Chamber members and staff were robbed,” Szpindor said. “I expect to have access to the list of affected registrants later today and will notify you directly if your information has been compromised.”
Szpindor added that it did not appear that House lawmakers were “the specific target of the attack” against DC Health Link.
a reporter from the daily caller first tweeted Szpindor’s letter.
The data breach also affected the Senate offices, according to an email sent to the Senate offices on Wednesday afternoon. which said that the Senate Sergeant-at-Arms was tipped off by the police about a data breach.
The notice said the “data included full names, enrollment date, relationship (self, spouse, child), and email address, but no other personally identifiable information (PII).”
A spokesman for the DC Health Benefits Exchange Authority, which operates DC Health Link, said Wednesday that it had launched an investigation into the breach.
“We have launched a thorough investigation and are working with forensic investigators and law enforcement. At the same time, we are taking steps to ensure the security and privacy of our users’ personal information,” the spokesperson said in a statement. “We are in the process of notifying affected customers and will provide identity and credit monitoring services.”
Credit monitoring services were also being provided for all affected customers, the spokesperson said.
The FBI and Capitol Police did not immediately respond to requests for comment.
Out of an “abundance of caution,” Szpindor said, lawmakers may choose to freeze family credit at three major credit bureaus, Equifax, Experian and Transunion.
According to Szpindor’s letter, House Speaker Kevin McCarthy, R-Calif., and House Minority Leader Hakeem Jeffries, D-N.Y., requested additional information from DC Health Link about what data was taken, who was affected and what measures were taken to protect the victims of the house rape.
The Chamber Administration Committee tweeted that panel chair Bryan Steil, a Wisconsin Republican, was aware of the data breach “and is working with the [chief administrative officer] to ensure that the provider takes the necessary steps to protect the PII of any affected members, staff, and their families.”
