Sensitive information was posted online from last week s health insurance marketplace for Washington, D.C. that affected members of Congress, according to Senate staffers briefed on the hack.
Staff from the Intelligence Committee said they learned that breached information is already up on one of the big hacker breach sites in an email to Senate offices. The information is easily accessible to people who know how to look for it, and includes name, address, Social Security number, birth desk phone number, what plan you signed up for, and how much your monthly contribution is. This is scary, the email said.
DC Health Link is an online marketplace that administers health care plans for members of Congress and certain Capitol Hill staffers, as well as others in the Washington area.
On March 6, a user on a dark web forum popular with criminal hackers claimed to have access to data including the names, Social Security numbers, contact information and family members, as well as other information, as well as other information, of a handful of DC Health Link users, and claimed to offer the full database for sale. The authenticity of the data hasn't been confirmed by NBC News.
The files were released to anyone with access to the site this week, according to a user on the site. More than 1,000 people with job information indicating they work for the House or the Senate are included in that database, which is viewed by NBC News. The personal information of several of its employees was accurate, according to a Senate office that asked not to be named to protect its staff's privacy.
The DC Health link has announced Tuesday that it could split many of its users into two groups - those whose information was exposed publicly and those whose data doesn't appear to have been compromised. It wasn't clear why there was a distinction, and DC Health Link didn't respond to a request for further information.
The letter said that they are working with the forensic investigators and law enforcement to find out your name and name of dependents who are enrolled in DC Health Link, Social Security Number, Date of Birth, Gender, Address, Email, and Phone Number. If your DC Health Link coverage is through an employer, it will include the employer name and information about the employer and work email. It said it was offering customers with compromised three years of free identity and credit monitoring for all three credit bureaus that they can access immediately.
The FBI and the U.S. Capitol Police are investigating.
In a letter last week to the head of the DC Health Benefit Exchange Authority, House Speaker Kevin McCarthy, R-Calif. and Minority Leader Hakeem Jeffries, D-N.Y. warned that the size and scope of impacted House customers could be extraordinary because thousands of members of Congress and congressional employees have used DC Health Link since 2014.