“Significant Data Breach” Hits Lawmakers On Capitol Hill

The Chief Administrative Officer of the House of Representatives, Catherine L. Szpindor, told lawmakers Wednesday their personal information was exposed in a “significant data breach” at a health insurance marketplace. 

“I have been informed by the United States Capitol Police and DC Health Link* of a data breach impacting Members and staff. DC Health Link suffered a significant data breach yesterday, potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through the DC Health Link, your data may have been comprised,” Szpindor wrote in a letter to colleagues on Capitol Hill on Wednesday.

It did not appear that lawmakers were specifically the target in the breach, Szpindor said. She continued:

“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and [personally identifiable information] of hundreds of Member and House staff were stolen. I expect to have access to the list of impacted enrollees later today and will notify you directly if your information was compromised.”

Speaker Kevin McCarthy (R-Calif.) and Democratic leader Hakeem Jeffries (D-N.Y.) were told by the FBI that cyber security agents found personal information from DC Health Link on the dark web, according to The Washington Post, citing a letter sent by House leadership to the health insurance marketplace. Agents found the names of spouses, dependent children, their social security numbers, and home addresses.

DC Health Link confirmed the breach and stated, “data for some DC Health Link customers have been exposed on a public forum.”

Szpindor told lawmakers and staff to “freeze your credit” to prevent anyone from being able to “open a credit card, or taking out a loan in your name.”

The House Administration Committee tweeted its “aware of the breach and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.”

Here’s Szpindor’s full letter to lawmakers about the data breach: