D.C. and Congress Health Data Breach Affected More Than 56,000

D.C. and Congress Health Data Breach Affected More Than 56,000

WASHINGTON — More than 56,000 people’s data, including social security numbers and other personal information, was stolen in a hack of the online health insurance marketplace for members of Congress and Washington, DC, small businesses and residents, officials said in a statement Friday night .

The DC Health Benefit Exchange Authority revealed the extent and scope of the data breach on Friday, when officials said they were taking the matter “very seriously”. District of Columbia officials learned of the attack on the DC Health Link marketplace Monday and “immediately launched an investigation, began cooperating with law enforcement and hired an outside forensics firm,” the statement said.

The investigation found that 56,415 customers were affected and the stolen data includes names, social security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status.

It was initially not known how many of those affected were members of Congress. Congressional leaders said earlier this week that Capitol Police and the Federal Bureau of Investigation had alerted them that the personal information of many lawmakers, employees and their families may have been compromised.

The online health insurance market serves approximately 11,000 members of Congress and their staff and approximately 100,000 people overall.

Exchange officials said they had reached out to affected enrollers to provide three-year identity and credit monitoring.

The SEC’s statement came two days after law enforcement officials briefed Speaker Kevin McCarthy, a California Republican, and Representative Hakeem Jeffries, a New York Democrat and minority leader, on the attack on the healthcare market. Federal investigators said they were able to acquire personal information about members of Congress and their families on the dark web as a result of the violation, the letter said.

According to an internal memo from the Senate Sergeant-at-Arms, the data of senators and their staff was also compromised.