A senior House official said today that a “major data breach” that took place Tuesday in the Washington, D.C. health insurance marketplace could potentially expose the personal details of hundreds of lawmakers and employees.
In a letter obtained by NBC News, the Chief Administrative Officer (Catherine L. Shbindor) said today that she was alerted by the US Capitol Police and the FBI about the data breach at DC Health Link. It is an online health marketplace that manages health care plans for members of Congress and elected employees of Capitol Hill.
“At this time, I am not aware of the extent and extent of the violation, but the FBI has informed me that account information and (personally identifiable information) for hundreds of members and employees of the House of Representatives have been stolen,” Shbindor said. She added: “I expect to receive a list of affected employees later in the day and will let you know directly if your information is stolen.”
Shbindor added that it appears that the House legislators were not the ones “intent on attacking” DC Health Link.
The data breach also affected Senate offices, according to an email sent to Senate offices Wednesday afternoon that said, “Law enforcement has notified Senate Sergeant of the data breach.”
“The data included: full names, date of enrollment, relationship (personal, spouse, children), email address, but no other personal information,” the notice says.
A spokesperson for the DC Health Exchange, which operates DC Health Link, said Wednesday that it has opened an investigation into the hack.
“We have launched a thorough investigation and are working with investigators and law enforcement. At the same time, we are taking steps to ensure the security and privacy of our users’ personal information,” the spokesperson said in a statement. He added: “We are in the process of notifying affected customers and will provide identification and credit monitoring services.”
The spokesperson said that credit monitoring services for all affected clients have also become available.
Out of “extreme caution,” lawmakers could freeze family credit at three major credit bureaus, Equifax, Experian and Transunion, Schbindor said.