Cyber Attack On US Capitol Compromises Sensitive Personal Information Of Lawmakers

Several members of the House and Senate, along with their staff and families, were informed Wednesday that their personal information was hacked in a serious data breach of DC Health Link - the health insurance marketplace for Washington, D.C. The online marketplace holds information about more than 11,000 members of Congress and their staff and families.

The FBI also revealed some of the exposed data was found being sold for purchase on the dark web, according to CBS News.

House Chief Administrative Officer Catherine L. Szpindor sent a memo to affected members of Congress, informing them about the "significant data breach," which exposed their personal identifiable information (PII), including full names, date of enrollment, relationship (self, spouse, child) and email address.

"Currently, I do not know the size and scope of the breach," Szpindor wrote in the letter, as per Reuters. "At this time, it does not appear that Members of the House of Representatives were the specific targets of the attack."

Another letter sent on behalf of House Minority Leader Hakeem Jeffries and House Speaker Kevin McCarthy termed the security breach "egregious," adding that it "has compromised the personal information of numerous House Members, spouses, dependents and employees in both parties."

The Capitol Police and the FBI informed the House leaders that federal investigators were able to purchase some personal information of the members of Congress on the dark web after the breach. The FBI believes those selling the stolen information on the dark web aren't aware of the high-level sensitivity of the data.

"Fortunately, the individuals selling the information appear unaware of the high-level sensitivity of the confidential information in their possession, and its relation to Members of Congress," the lawmakers wrote, according to NBC. "This will certainly change as media reports more widely publicize the breach.

"Right now, our top priority is protecting the safety and security of anyone in the Capitol Hill community affected by the cyber hack," the letter added.

In the memo, Szpindor suggested members freeze their credit and provided precautionary measures to avoid being victims of fraud in the future.

Meanwhile, DC Health Link, in a statement to CBS, said it launched a comprehensive investigation into the matter and was working with forensic investigators and law enforcement.

"We are in the process of notifying impacted customers and will provide identity and credit monitoring services. In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers," DC Health Link said.