data breach

56,000 Affected by DC Health Link Data Breach

11,000 of the exchange’s more than 100,000 participants work in the House and Senate

By Matthew Stabley and The Associated Press

a young man types on an illuminated computer keyboard typically favored by computer coders
Sean Gallup/Getty Images

More than 56,000 customers were impacted by the DC Health Link data breach, the DC Health Benefit Exchange Authority revealed Friday.

The data fields compromised were name, Social Security number, birthdate, gender, health plan information, employer information and enrollee information – address, email, phone number, race, ethnicity and citizenship status.

Some 11,000 of the exchange’s more than 100,000 participants work in the House and Senate — in the nation's capital and district offices across the nation — or are relatives.

In a letter to the exchange's director posted on Twitter, House Speaker Kevin McCarthy, R-Calif., and Minority Leader Hakeem Jeffries, D-N.Y., said the breach “significantly increase the risk that Members, staff and their families will experience identity theft, financial crimes, and physical threats.” The stolen data includes Social Security numbers, phones, addresses, emails and employer names.

We're making it easier for you to find stories that matter with our new newsletter — The 4Front. Sign up here and get news that is important for you to your inbox.

The FBI said in a brief statement Wednesday evening it was aware of the incident and was assisting.

In the letter, McCarthy and Jeffries said the FBI had not yet determined the extent of the breach but that thousands of House members, employees and their families have enrolled in health insurance through DC Health Link since 2014. “The size and scope of impacted House customers could be extraordinary.”

A data breech of DC Health Link exposed thousands of people's data, including Capitol Hill lawmakers and staff. News4's Derrick Ward reports.

Local

Washington, D.C., Maryland and Virginia local news, events and information

Washington Capitals 22 mins ago

Capitals hold open practice amid playoffs excitement

Montgomery County 4 hours ago

Pedestrian killed on I-270 in Montgomery County

They said the FBI told them it was able to purchase the stolen data on the dark web, where it was offered for sale for an unspecified amount Monday on a hacker forum popular with cybercriminals.

It was not clear, though, whether and how the FBI could guarantee that copies of the stolen data were not circulating in the cybercrime underworld. Indeed, on Thursday, a new user on the forum claimed a hacker known as “thekilob” had stolen more than 55,000 records and exclaimed “Glory to Russia” in Cyrillic. Some of the most active cybercriminals are Russian speakers and operate with little interference from the Kremlin.

The user posted 200 records from the hack online and The Associated Press confirmed the sample's authenticity with two of the victims listed.

The DC Health Benefit Exchange Authority is working with law enforcement and reached out to impacted enrollees. It will provide three years of free identity and credit monitoring to all customers who want it.

NBCWashington/AP

This article tagged under:

data breachCongressWashington DC
Local Northern Virginia Prince George's County Subscribe to The 4Front Weather Changing Climate See It, Share It Videos Investigations Consumer Submit a tip The Scene Subscribe to The Weekend Scene Entertainment News 4 Your Home U.S. & World Money Report Politics Health Changing Minds
About NBC4 Washington Our news standards Our apps Submit photos and video Submit a consumer complaint Take our survey Promotions Newsletters Cozi TV
Contact Us