Personally identifiable information relating to members of Congress and their staff may have been exposed in a data breach incident. Credit: Daniel Huizinga A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber.Szpindor’s office would not directly confirm or deny the authenticity of the letter, which was first published on Twitter by a reporter for the right-wing Daily Caller news site. However, a spokesperson for the CAO’s office did confirm the data breach and pledged to communicate updates from law enforcement to affected legislators and staff.Another spokesperson, for DC Health Link, also confirmed that personal information for “some DC Health Link customers” was exposed on a public forum, and added that an investigation is underway. “Concurrently, we are taking action to ensure the security and privacy of our users’ personal information,” DC Health Link said in a statement. “In addition, and out of an abundance caution, we will also provide credit monitoring services for all of our customers.”Data breach affects thousands of government healthcare enrolleesAccording to the leaked letter, members of the House did not appear to be the specific targets of the attack, but it said that “thousands” of enrollees in DC Health Link were potentially affected. The FBI, DC Health Link, and the US Capitol Police are all a part of the investigation, according to statements, and the latter agency said that there were few details available to the public at this stage. “Our agents are assisting the FBI with the ongoing investigation,” a spokesperson from the Capitol Police’s Public Information Office said via email. “There is more work to do before law enforcement can provide more details.”The House Administration Committee, headed by Representative Bryan Steil, a Wisconsin Republican, tweeted that it was “aware of the breach, and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.” A joint letter, signed by both Speaker of the House Kevin McCarthy and minority leader Hakeem Jeffries and published on Twitter, asked the Executive Director of the DC Health Benefit Exchange Authority, Mila Kofman, to provide information on formal notification to affected members. It also asked for further detail on both the extent of the breach and on mitigation measures.CSO will post updates as more information becomes available. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe