Cybercriminals recently breached DC Health Link and stole sensitive data belonging to roughly 17,000 people, including members of the U.S. House of Representatives, with the data later put up on sale on a hacking forum.
DC Health Link is the health insurance marketplace that handles healthcare plans for U.S. House members, their employees and families.
While the officials couldn’t share any details about the data that was stolen, BleepingComputer found that it was being sold by a threat actor going by the name IntelBroker. The database contains names, dates of birth, addresses, email addresses, phone numbers, Social Security Numbers, which is more than enough to launch a successful identity theft campaign.
Breach confirmation
Officials were notified of the breach via an email from Catherine L. Szpindor, the U.S. House Chief Administrative Officer.
“DC Health Link suffered a significant data breach yesterday potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through the D.C. Health Link, your data may have been comprised,” Szpindor was cited saying. “Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and Pit of hundreds of Mernber and House staff were stolen.
“It is important to note that at this time, it does not appear that Members or the House of Representatives were the specific target of the attack.”
The news was subsequently confirmed to the publication by Adam Hudson, the Public Information Officer for Health Benefit Exchange Authority. In a statement sent to the media, Hudson confirmed that some of the data stolen in the breach were leaked online.
“We can confirm reports that data for some DC Health Link customers has been exposed on a public forum. We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement. Concurrently, we are taking action to ensure the security and privacy of our users’ personal information. We are in the process of notifying impacted customers and will provide identity and credit monitoring services. In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers. The investigation is still ongoing and we will provide more information as we have more to share.”
The database also contains subscriber IDs, member IDs, plan names, coverage start and end, work emails, race, ethnicity, citizen status, and more.
It was put on sale early this week, with IntelBroker claiming it was stolen during the DC.gov Health Benefit Exchange Authority breach.
“I am looking for undisclosed amount in XMR crypto currency. Contact me on keybase @ IntelBroker. Middleman only,” the ad said. The hacker also said that at least one individual already made the purchase.
Via: BleepingComputer (opens in new tab)