A cybersecurity breach affecting congressional members' private information has been revealed to be more extensive than previously known.
The breach affects both House and Senate employees, with compromised data including sensitive information such as Social Security numbers, home addresses, and health insurance plan information.
A popular cybercrime forum has claimed to have sold the data, but this has not been independently verified. The Senate sergeant-at-arms has alerted Senate staff about the breach and provided a list of affected employees to contact. Meanwhile, House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries have expressed concern over the breach in a letter to DC Health Link.
The affected health insurance service has initiated an investigation and is working with law enforcement, including the FBI. The breach raises concerns about the potential for identity theft among lawmakers and the need for greater accountability from the insurance service. However, some Senate staffers have expressed less concern, citing previous data breaches, such as the 2014-2015 Office of Personnel Management hack, which compromised millions of US government personnel records.
Austin Berglas, BlueVoyant Global Head of Professional Services, shared what this type of data breach means for victims and how consumers can protect themselves in the event of similar security incidents:
“The recent data breach of a DC Health Link, affecting numerous U.S. House members and staff, highlights that data such as protected health information (PHI) and social security numbers are constantly targeted by cyber criminals. PHI is so valuable because it maintains long term value opposed to other types of information that is commonly stolen. For example, stolen financial information such as credit cards are only valuable for a limited time — once a financial institution or victim realizes that the financial data has been stolen, they can cancel the card and the risk of further monetary loss ends.
At a minimum, PHI contains data such as social security numbers, addresses, dates of birth, plan information, and telephone numbers. As PHI can be used to make fake medical claims, open up new accounts, purchase prescriptions, and receive treatment, healthcare records are among the most valuable in dark web forums and marketplaces. In addition, some of the data contained in health records (name, date of birth, address, social security numbers) can provide a good start for cyber criminals to steal a person's identity and perform significant financial fraud.
Although many people have had information stolen in these types of data breaches, it is important to take a few proactive steps to help reduce the impact. Placing a hold or "freeze" on your credit can prevent unauthorized persons from using your social security number to open new accounts, make purchases, or establish new lines of credit. In addition, make sure to check your credit report to identify new accounts and consistently check financial accounts for unauthorized expenses or purchases.”