WASHINGTON — The data of more than 56,000 people, including Social Security numbers and other personal information, was stolen in a hack of the online health insurance marketplace for members of Congress and Washington, D.C., residents, officials said in a statement on Friday night.
The D.C. Health Benefit Exchange Authority revealed the size and scope of the data breach on Friday as officials said they were taking the matter “very seriously.” District of Columbia officials learned of the attack on the D.C. Health Link marketplace on Monday and “immediately launched an investigation, began working with law enforcement and engaged a third-party forensics firm,” the statement said.
The investigation has found that 56,415 customers were affected, and the data stolen includes names, Social Security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status.
It was not immediately known how many of those affected were members of Congress. Congressional leaders said earlier this week that the Capitol Police and Federal Bureau of Investigation had informed them that the personal data of many lawmakers, staff members and their families had potentially been compromised.
The online health insurance marketplace serves about 11,000 members of Congress and their staff members, and about 100,000 people overall.
Exchange officials said they have reached out to affected enrollees to provide three years of identity and credit monitoring.
The exchange authority’s statement came two days after law enforcement officials told Speaker Kevin McCarthy, Republican of California, and Representative Hakeem Jeffries, Democrat of New York and the minority leader, about the attack on the health marketplace. Federal investigators said they had been able to purchase personal information about members of Congress and their families on the “dark web” because of the breach, the letter said.
The data of senators and their staff members were also compromised, according to an internal memo from the Senate sergeant-at-arms.