Cyber consultant: Capitol Hill data breach ‘pretty significant,’ urges impacted members, staff to exercise precaution

Posted: Mar 9, 2023 / 06:31 PM EST

Updated: Mar 9, 2023 / 06:40 PM EST

WASHINGTON (DC News Now) — Congressional members and staff were notified Wednesday that their “personally identifiable information” may have been compromised after a data breach. Now, thousands are wondering what may come next.

A top official on Capitol Hill alerted people potentially impacted after the breach affected DC Health Link, according to an internal memo sent by the Chief Administrative Officer for the US House of Representatives.

The memo was sent to a Hill staffer covered by DC Health Link and shared with DC News Now.

“Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and PII of hundreds of Member and House staff were stolen,” said House CAO Catherine L. Szpindor.

“This is pretty significant,” said Reginald Bullock II, a cyber security consultant with contractual experience with the US Departments of Homeland Security, and Commerce.

Bullock said, “The biggest thing is that when it comes to personally identifiable information (PII) you have your social security number, your home address, your previous home addresses, your birthdays and your passport information.”

Bullock said there are other proactive ways to block personal information from being misused, including password changes, as well as new answers to online security questions institutions like banks may prompt users, before accessing online accounts.

“It’s critical,” he said, “because that information can be the gateway or can help hackers answer questions that they didn’t know about you… Your security is critical, and we have to stay vigilant.”

Szpindor said the breach did not appear to specifically target Congressional members, meantime, providing a call for people to contact major credit bureaus to freeze family credit–
Equifax, Experian and TransUnion.

In a February interview with DC News Now, Bullock noted how online companies can access information related to internet browsing activity, due to cookies.

Szpindor’s memo also urged anyone fearful of possible identity theft to report activity to the FBI’s Internet Crime Complaint Center and to access more personal privacy advice online.