A significant data breach of Washington, D.C.'s ACA marketplace potentially exposed personal identifiable information of hundreds of congressional lawmakers and staff, NBC News reported March 8.
The size and scope of the breach of DC Health Link is unknown, according to a letter from House Chief Administrative Officer Catherine Szpindor obtained by the outlet. She said it did not appear House lawmakers were the specific target of the attack.
Some Senate offices were also affected by the breach, according to the report. An email sent to Senate offices said "data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII)."
A DC Health Benefit Exchange Authority told the outlet it launched an investigation into the breach.
"We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement," the spokesperson said in a statement, according to the report. "Concurrently, we are taking action to ensure the security and privacy of our users' personal information. We are in the process of notifying impacted customers and will provide identity and credit monitoring services."
A letter from House leaders to the head of the DC Health Benefit Exchange Authority stated that the FBI purchased some of the hacked material on the dark web, according to the report. That included Social Security numbers and other sensitive information connected to congressional members and staff.