A senior House official said today that a “major data breach” that occurred Tuesday in the Washington, D.C., health insurance market potentially exposed the personally identifiable data of hundreds of lawmakers and employees.
In a letter obtained by NBC News, the chief administrative officer (Kathryn L. Szbindor) said today that the US Capitol Police and the FBI had alerted her to the data breach at DC Health Link. It is an online marketplace for health care that manages health care plans for members of Congress and select Capitol Hill employees.
“At this time, I am not aware of the scale and scope of the breach, but the FBI has informed me that account information and (personally identifiable information) for hundreds of members and House staff members have been stolen,” Szbindor said. She added, “I expect to reach the list of affected employees later in the day, and I will notify you directly if your information has been stolen.”
Szbindor added that it did not appear that House lawmakers were the ones “intended to attack” DC Health Link.
The data breach also affected the Senate offices, according to an email sent to the Senate offices Wednesday afternoon, which said, “Law enforcement authorities have notified a Senate sergeant about the data breach.”
“The data included: full names, date of enrollment, relationship (personal, spouse, children), email address, but no other personally identifiable information,” the notice stated.
A spokesperson for D.C. Health Exchange, which operates DC Health Link, said on Wednesday that it had launched an investigation into the hack.
“We have launched a thorough investigation and are working with criminal investigators and law enforcement. At the same time, we are taking measures to ensure the security and privacy of our users’ personal information,” the spokesperson said in a statement. He added, “We are in the process of notifying affected customers, and will provide identity and credit monitoring services.”
The spokesperson said credit monitoring services for all affected customers have also been made available.
Out of an “extreme caution,” Szbindor said, lawmakers may choose to freeze family credit at three major credit bureaus: Equifax, Experian and Transunion.