FBI probes data breach of US House members & staff from DC Health Link. Stolen personal info posted for sale online. 170,000 affected...

Continue reading
The U.S. House of Representatives members and staff were impacted by a data breach currently under investigation by the FBI. The data breach resulted in the theft of personal and sensitive information from the servers of DC Health Link, the organization responsible for administering healthcare plans for US House members, their staff, and their families. The breach was announced via email by Catherine L. Szpindor, the US House Chief Administrative Officer, to the affected individuals.
According to Szpindor, _"DC Health Link suffered a significant data breach yesterday, potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through D.C. Health Link, your data may have been compromised."_ Although the size and scope of the breach are currently unknown, the FBI has notified Szpindor that the account information and PII of hundreds of members and house staff were stolen.

*Data Breach Email Notification of U.S. House Members*
While it appears that the members and the US House of Representatives were not the specific targets of the attack, the email did not provide any further details regarding the stolen data. However, BleepingComputer discovered that one threat actor known as IntelBroker is selling the U.S. House members' information stolen from DC Health Link's servers on a hacking forum.
According to BleepingComputer, a sample of stolen data with the database header shows that it contains the information of roughly 170,000 affected individuals. The report includes their names, dates of birth, addresses, email addresses, phone numbers, Social Security Numbers, and other sensitive information. Subscriber ID, Member ID, Policy ID, Status, First Name, Last Name, SSN, DOB, Gender, Relationship, Benefit Type, Plan Name, HIOS ID, Plan Metal Level, Carrier Name, Premium Amount, Premium Total, Policy APTC, Policy Employer Contribution, Coverage Start, Coverage End, Employer Name, Employer DBA, Employer FEIN, Employer HBX ID, Home Address, Mailing Address, Work Email, Home Email, Phone Number, Broker, Race, Ethnicity, Citizen Status, Plan Year Start, Plan Year End, and Plan Year Status are some of the personal data that have been compromised.
The data was posted for sale on March 6, and IntelBroker claims it was stolen after breaching the DC.gov Health Benefit Exchange Authority. IntelBroker is demanding an undisclosed amount in XMR cryptocurrency and is asking to be contacted on keybase.
Adam Hudson, the Public Information Officer for Health Benefit Exchange Authority, confirmed that some of the stolen DC Health Link data were exposed online, and they are investigating the matter. Notifications will be sent to those affected, and they will provide identity and credit monitoring services. Hudson stated, _"The investigation is still ongoing, and we will provide more information as we have more to share."_

*U.S. House Members Data Available for Sale*
This data breach incident shows that cybercriminals will go to any extent to get hold of personal and sensitive information. Organizations that handle personal data must take the necessary security measures to protect their customers' information. The FBI is investigating the matter, and it is hoped that the perpetrators will be brought to justice soon. Individuals whose personal data has been compromised should be vigilant and take the necessary precautions to protect themselves from potential identity theft and fraud.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been