Data Breach Hits 'Hundreds' of Lawmakers And Staff On Capitol Hill (nbcnews.com) 24
A top House official said that a "significant data breach" at the health insurance marketplace for Washington, D.C., on Tuesday potentially exposed personal identifiable information of hundreds of lawmakers and staff. NBC News reports: In a letter obtained by NBC News, Chief Administrative Officer Catherine L. Szpindor said Wednesday that the U.S. Capitol Police and the FBI had alerted her to a data breach at DC Health Link, the Affordable Care Act online marketplace that administers health care plans for members of Congress and certain Capitol Hill staff. "Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and [personally identifiable information] of hundreds of Member and House staff were stolen," Szpindor said. "I expect to have access to the list of impacted enrollees later today and will notify you directly if your information was compromised." Szpindor added that it did not appear that House lawmakers were "the specific target of the attack" on DC Health Link.
Out of an "abundance of caution," Szpindor said, lawmakers may opt to freeze family credit at three major credit bureaus, Equifax, Experian and Transunion. The data breach has also affected Senate offices, according to an email sent to Senate offices Wednesday afternoon that said the Senate Sergeant at Arms was informed by law enforcement about a data breach. The notice said that the "data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII)."
Out of an "abundance of caution," Szpindor said, lawmakers may opt to freeze family credit at three major credit bureaus, Equifax, Experian and Transunion. The data breach has also affected Senate offices, according to an email sent to Senate offices Wednesday afternoon that said the Senate Sergeant at Arms was informed by law enforcement about a data breach. The notice said that the "data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII)."
Fastest way to make information public! (Score:3, Funny)
Re:Fastest way to make information public! (Score:5, Funny)
Give it to the government. Their not the sharpest tacks in the box.
*they're*
Re: (Score:2)
Re: (Score:2)
Looks to me like it was DC Health Link. Crappy internet security is everywhere.
Re: (Score:2)
[rolls eyes]
Re: (Score:3)
Do you really think private enterprise is any better?
https://cyware.com/news/data-b... [cyware.com]
Re: (Score:2)
So far in my case....yes.
Re: (Score:3)
I've been a victim of several breaches involving private firms. Millions of Americans have.
Re: (Score:1)
Yes, that would be so much worse than the current money grubbing soulless corporations that run it now. /s
Waiver (Score:2)
I bet they all signed a waiver saying they agreed to have their medical records stored electronically where it is nice and easy for someone to steal all their stuff from anywhere in the world.
They agreed to this, and signed away their rights. What do they want?
Stop asking. Stop worrying. (Score:1)
"data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII)."
Names and email addresses? You mean PII your local pizza delivery guy has? Relationship status and kids? We're gonna pretend isn't plastered all over social media?
Personally I think the whole sound-the-PII-alarms has gotten a bit worn out. Companies need to stop asking for so much damn PII (to sell), and perhaps citizens need to lighten up a
Re: (Score:2)
Re: (Score:2)
The notice might have stated that, but the header of the demo file for the seller says: Subscriber ID,Member ID,Policy ID,Status,First Name,Last Name,SSN,DOB,Gender,Relationship,Benefit Type,Plan Name,HIOS ID,Plan Metal Level,Carrier Name,Premium Amount,Premium Total,Policy APTC,Policy Employer Contribution,Coverage Start,Coverage End,Employer Name,Employer DBA,Employer FEIN,Employer HBX ID,Home Address,Mailing Address,Work Email,Home Email,Phone Number,Broker,Race,Ethnicity,Citizen Status,Plan Year Start,Plan Year End,Plan Year Status
Then I'd say you have one or more liars to validate here. Looks like someone is going to have to fess up.
And quite frankly, with the corrupt lengths of tenure and average Lawmaker age of Boomer, a lot of the same PII was likely leaked in the OPM hack a few years ago that was significantly worse.
Good (Score:5, Insightful)
Good, as we all know nothing happens in this Country unless congress critters are affected.
Maybe now something real will be done to force Companies to get serious about security.
Re: (Score:2)
Re: (Score:3)
Hopefully, for all corporations not just their own.
You apparently have much more faith in Congress than I do...
Re: (Score:2)
The only thing that will come of this is that a law will be drafted, pushed, and passed in rapid succession to create a stiff punishment for THEIR (politician's) data being breached, nothing will be said of the what were to happen for the rest of us pee-ons.
Re: (Score:1)
Good, as we all know nothing happens in this Country unless congress critters are affected.
Maybe now something real will be done to force Companies to get serious about security.
"data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII)."
Uh huh. Let me know how bad they're gonna feel when you find you can't really do jack shit with that information.
Hell, this almost smells like an inside job just so they can brag they're "victims" too. You call that a hack?
Self-inflicted (Score:5, Interesting)
If they were making sensible laws about IT security, this would likely not have happened. Instead they are "helping" the industry and screw everybody over.
Shrug! Privacy & Internet Security... (Score:1)
Do NOT trust insurance companies (Score:2)
In several decades of IT consulting, I have repeatedly encountered insurance companies where everyone was an entitled, self-satisfied, arrogant prick who believed that their IT was perfect, that they knew everything, and they could not be told about the gaps in their knowledge; and they believed everyone they met had to jump to satisfy their every demand. And it always turned out that the individual involved did not have the authority to decide anything.
B
oh no! (Score:2)
HAH HAH.
Lameness filter encountered. Post aborted!
Filter error: Don't use so many caps. It's like YELLING.
good ol' slashdort
Sighseers (Score:1)
"Nothing more than a peaceful sightseeing tour”