Personally identifiable information relating to members of Congress and their staff may have been exposed in a data breach incident. Credit: Daniel Huizinga A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber.Szpindor’s office would not directly confirm or deny the authenticity of the letter, which was first published on Twitter by a reporter for the right-wing Daily Caller news site. However, a spokesperson for the CAO’s office did confirm the data breach and pledged to communicate updates from law enforcement to affected legislators and staff.Another spokesperson, for DC Health Link, also confirmed that personal information for “some DC Health Link customers” was exposed on a public forum, and added that an investigation is underway. “Concurrently, we are taking action to ensure the security and privacy of our users’ personal information,” DC Health Link said in a statement. “In addition, and out of an abundance caution, we will also provide credit monitoring services for all of our customers.” Data breach affects thousands of government healthcare enrolleesAccording to the leaked letter, members of the House did not appear to be the specific targets of the attack, but it said that “thousands” of enrollees in DC Health Link were potentially affected. The FBI, DC Health Link, and the US Capitol Police are all a part of the investigation, according to statements, and the latter agency said that there were few details available to the public at this stage. “Our agents are assisting the FBI with the ongoing investigation,” a spokesperson from the Capitol Police’s Public Information Office said via email. “There is more work to do before law enforcement can provide more details.”The House Administration Committee, headed by Representative Bryan Steil, a Wisconsin Republican, tweeted that it was “aware of the breach, and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.” A joint letter, signed by both Speaker of the House Kevin McCarthy and minority leader Hakeem Jeffries and published on Twitter, asked the Executive Director of the DC Health Benefit Exchange Authority, Mila Kofman, to provide information on formal notification to affected members. It also asked for further detail on both the extent of the breach and on mitigation measures.CSO will post updates as more information becomes available. Related content news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government news analysis Massive security hole in VPNs shows their shortcomings as a defensive measure Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. By Evan Schuman May 08, 2024 8 mins Threat and Vulnerability Management Data and Information Security Network Security news DocGo says hackers stole patient data in a recent cyberattack The attack compromised some healthcare data with no material or financial losses, the company said. By Shweta Sharma May 08, 2024 3 mins Data Breach Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe