Mar 10, 2023 - Technology

What's at stake in the recent D.C. health insurance breach

Illustration of a stethoscope draped over the dome of the US Capitol building.

Illustration: Gabriella Turrisi/Axios

A hacker who uses the pseudonym "Denfur" is selling a database they claim includes stolen sensitive data from at least 55,000 customers of D.C.'s health insurance marketplace, including members of Congress and their staffs.

Driving the news: Congressional leaders started warning lawmakers on Wednesday about the breach at DC Health Link and suggested they freeze their credit while an investigation continues.

  • DC Health Link, which confirmed the breach and dark web leaks in a statement, helps all city residents purchase health insurance, not just members of Congress.

What's happening: Researchers at Check Point Research told Axios Thursday that a malicious hacker had posted the database for sale on the "biggest English-speaking dark web hacking forum." The member claims the database includes sensitive data from thousands of customers, including Social Security numbers, birthdates and home addresses.

  • Denfur is now selling the stolen database for just "a few dollars," researchers noted. Denfur signed off the post with "Glory to Russia!"
  • CyberScoop reports that a sample of the stolen data includes information about former defense officials and lobbyists, and the Associated Press reported it was able to authenticate data belonging to two victims in the set.
  • Axios has seen the dark web post, which was still live as of Friday morning.

Why it matters: Malicious actors often rely on stolen personal data to commit identity theft and hijack online accounts, and it's rare for them to be able to collect verifiable information from high-ranking U.S. officials.

What they're saying: "Such precious information will have high demand in the dark web and, in the wrong hands, can lead to significant downstream consequences," Sergey Shykevich, threat intelligence manager at Check Point Research, said in a statement.

Zoom out: The breach comes as lawmakers focus more on cybersecurity issues plaguing the health care sector.

Yes, but: DC Health Link and the FBI are still investigating the precise scope of the data breach, and it's yet to be confirmed how many people have actually been affected.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper