March 10, 2023

A data breach involving Washington, D.C.’s healthcare exchange platform has exposed sensitive information about Congress members and staff, according to a letter from Catherine Szpindor, the House’s chief administrative officer.

The breach exposed personal information from DC Health Link website enrollees. It exposed social security numbers, names of family members, emails, phone numbers, and home addresses of members of the United States House of Representatives and their staff.

According to reports, the breach was caused by a security incident with DC Health Link, Washington’s government health insurance marketplace. On March 6, a user going by the handle “IntelBroker” posted the stolen data to an online forum where data breaches are publicized and data is either published for download or sold. That post was later removed, and “IntelBroker” is now listed as permanently banned.

Three days later, on March 9, a second user, “Denfur,” whose signature on the site reads “Glory to Russia!” posted what they claimed was the full database, along with a sample of 200 entries. The full dataset includes 67,565 unique entries and about 55,000 “unique people,” Denfur claimed.

House Speaker Kevin McCarthy, R-Calif., and Minority Leader Hakeem Jeffries, D-N.Y., have since asked DC Health Link for more information on the scope of the apparent breach.

The sources for this piece include an article in Gizmodo.