Personally identifiable information relating to members of Congress and their staff may have been exposed in a data breach incident.

Credit: Daniel Huizinga

A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber.

Szpindor’s office would not directly confirm or deny the authenticity of the letter, which was first published on Twitter by a reporter for the right-wing Daily Caller news site. However, a spokesperson for the CAO’s office did confirm the data breach and pledged to communicate updates from law enforcement to affected legislators and staff.

Another spokesperson, for DC Health Link, also confirmed that personal information for “some DC Health Link customers” was exposed on a public forum, and added that an investigation is underway.

“Concurrently, we are taking action to ensure the security and privacy of our users’ personal information,” DC Health Link said in a statement. “In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers.”

Data breach affects thousands of government healthcare enrollees

According to the leaked letter, members of the House did not appear to be the specific targets of the attack, but it said that “thousands” of enrollees in DC Health Link were potentially affected.

The FBI, DC Health Link, and the US Capitol Police are all a part of the investigation, according to statements, and the latter agency said that there were few details available to the public at this stage.

“Our agents are assisting the FBI with the ongoing investigation,” a spokesperson from the Capitol Police’s Public Information Office said via email.
“There is more work to do before law enforcement can provide more details.”

The House Administration Committee, headed by Representative Bryan Steil, a Wisconsin Republican, tweeted that it was “aware of the breach, and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.”

A joint letter, signed by both Speaker of the House Kevin McCarthy and minority leader Hakeem Jeffries and published on Twitter, asked the Executive Director of the DC Health Benefit Exchange Authority, Mila Kofman, to provide information on formal notification to affected members. It also asked for further detail on both the extent of the breach and on mitigation measures.

CSO will post updates as more information becomes available.