By Raphael Satter
WASHINGTON (Reuters) -A serious breach at a healthcare administrator serving the U.S. House of Representatives has potentially exposed the personal data of hundreds of lawmakers and their staff, top representatives and a senior Congressional official said in letters circulated on Wednesday.
One of the letters, which the House’s Chief Administrative Officer Catherine Szpindor (CAO) sent to members of Congress and which Reuters saw, said a “significant data breach” at DC Health Link had potentially exposed the personal information of thousands of enrollees.
“Currently, I do not know the size and scope of the breach,” Szpindor wrote, although she said the Federal Bureau of Investigation had told her that the “hundreds of Member and House staff” had been affected.
“At this time, it does not appear that Members of the House of Representatives were the specific targets of the attack,” she added.
The CAO’s office confirmed the breach and said it was “deeply concerned.” DC Health Link said in a statement that “we can confirm reports that data for some DC Health Link customers has been exposed on a public forum.”
It did not name the forum but said it was working with investigators and law enforcement. The FBI did not immediately return messages seeking comment.
Another letter sent on behalf of House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries and shared with Reuters said the breach came from a “cyber hack” and that lawmakers and their families in both parties had been hit, calling the incident an “egregious security breach.”
Republican and Democratic lawmakers alike released statements saying they were investigating.
The Committee on House Administration said on Twitter that its chairman, Republican Bryan Steil, was working with the CAO to protect members’ personal data. His Democratic counterpart, Democrat Joe Morelle, said in a statement that the “cause, size, and scope of the data breach impacting the DC Health Link still needs to be determined by the FBI.”
News of the breach was first reported by a Daily Caller journalist on Twitter.
(Reporting by Raphael Satter. Additional reporting by Eric Beech. Editing by Bill Berkrot and Josie Kao)
