The Chief Administrative Officer of the House of Representatives, Catherine L. Szpindor, told lawmakers Wednesday their personal information was exposed in a “significant data breach” at a health insurance marketplace.
The data breach did not only affect the lawmakers.
“A serious breach at a healthcare administrator serving the U.S. House of Representatives has potentially exposed the personal data of hundreds of lawmakers and their staff, top representatives and a senior Congressional official said in letters circulated on Wednesday,” Reuters reported about the situation.
It did not appear that lawmakers were specifically the target in the breach, Szpindor said.
“I have been informed by the United States Capitol Police and DC Health Link of a data breach impacting Members and staff. DC Health Link suffered a significant data breach yesterday, potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through the DC Health Link, your data may have been comprised,” Szpindor wrote in a letter to colleagues on Capitol Hill on Wednesday
The letter continued:
“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and [personally identifiable information] of hundreds of Member and House staff were stolen. I expect to have access to the list of impacted enrollees later today and will notify you directly if your information was compromised.”
Zerohedge reported on the story adding:
Speaker Kevin McCarthy (R-CA) and Democratic leader Hakeem Jeffries (D-N.Y.) were told by the FBI that cyber security agents found personal information from DC Health Link on the dark web, according to The Washington Post, citing a letter sent by House leadership to the health insurance marketplace. Agents found the names of spouses, dependent children, their social security numbers, and home addresses.
According to their website, DC Health Link describes itself as:
DC Health Link is governed by the DC Health Benefit Exchange Executive Board appointed by the Mayor and confirmed by the District of Columbia Council. The professional staff is led by Executive Director Mila Kofman, J.D.
DC Health Link was created and is governed by the DC Health Benefit Exchange Authority (HBX). The HBX was established as a requirement of Section 3 of the Health Benefit Exchange Authority Establishment Act of 2011, effective March 3, 2012 (D.C. Law 19-0094). The mission of the DC Health Benefit Exchange Authority is to implement a health care exchange program in the District of Columbia in accordance with the Affordable Care Act (ACA), thereby ensuring access to quality and affordable health care to all DC residents. DC Health Link is the name of the DC Health Benefit Exchange program.
The HBX has an 11-member Executive Board that includes seven voting members from the general public and four non-voting members representing important public agencies of the District of Columbia government.
The HBX works closely with DC Department of Health Care Finance, Department of Human Services and Department of Insurance, Securities and Banking (DISB) to coordinate benefits and create a “no-wrong-door” environment for District residents seeking help with insurance coverage and costs.
DC Health Link confirmed the breach and stated, “data for some DC Health Link customers have been exposed on a public forum.”
Szpindor told lawmakers and staff to “freeze your credit” to prevent anyone from being able to “open a credit card, or taking out a loan in your name.”
The House Administration Committee tweeted its “aware of the breach and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.”
Identity fraud, especially with the open borders of Democrat Joe Biden is a top concern for many Americans. Cyberhacking and finding loose controls over data, is a profession for people, with attacks increasing among the American people.
Just this week, MSN reported that a former Navy couple from Selma pleaded guilty to allegations they stole the personal information of thousands of people and sold it on the dark web for $160,000 in digital currency, according to U.S. Attorney Phillip A. Talbert.
Marquis Hooper, 32, was charged with conspiracy to commit wire fraud, wire fraud and aggravated identity theft. His co-defendant, Natasha Chalk, 39, was charged with conspiracy.
Both are scheduled to be sentenced on July 24, 2023, by U.S. District Judge Jennifer L. Thurston.
They face a maximum statutory penalty of 20 years in prison and a fine of $250,000 for the conspiracy convictions. Hooper also faces a maximum statutory penalty of 20 years in prison and a fine of $250,000 for the wire fraud conviction, and two years in prison, consecutive to other counts, for the aggravated identity theft conviction.
Federal prosecutors said the couple used their positions in the Navy to siphon the personal information from thousands of people from a private company that normally restricts access to its database to businesses and government agencies with a proven and lawful need for the personal information, according to court records.
Although Hooper separated from the Navy in October 2018 after a 10-year career, he was able to convince the private company that he was working on behalf of the Navy and needed access to their records to run background checks on sailors.
His scheme worked and within a few months, Hooper and Chalk were able to collect the personal information from more than 9,000 people. Prosecutors said they then sold the information on the dark web for $160,000.
Some of the personal information sold by Hooper and Chalk was used by thieves to try and withdraw money from people’s bank accounts, according to federal officials.