A massive data breach has been discovered in which hackers with the pseudonym ‘Denfur’ have reportedly sold a database containing the sensitive information of at least 55,000 customers of DC’s health insurance marketplace. The dark web post, which was still available as of this morning, claims that the database not only contains information from registered participants but members of Congress and their staffs, making this a rather unprecedented event.
According to researchers at Check Point Research, ‘Denfur’ posted the database for sale and expressed a desire for ‘Glory to Russia!’ in the post. As reported in a sample from CyberScoop, the leaked data contains personal data of former defense officials, lobbyists, and more. The Associated Press noted it was able to verify the data belonging to two victims, confirming the validity of the breach.
The breach has raised concerns in Congress and its members suggest any impacted individuals freeze their credit while the FBI investigates the data breach. Mark Warner, the Democratic Senator of Virginia and Chair of the Intelligence Committee has released a policy paper regarding cybersecurity measures in the health care sector, as well as a Senate Homeland Security Committee hearing planned to discuss similar topics. It is unclear how long the investigation will take and just how many individuals have been affected by the breach, but it is sure to raise alarms.
Axios has created a Codebook, which is available to sign up for, that provides daily updates on cybersecurity news. It is clear that this breach is a wake-up call for health care providers everywhere and that more measures may need to be taken to prevent these malicious actors from compromising the data of customers. How do you think this breach could have been avoided and what could have been done differently to protect the data of those in the database? We encourage your feedback and discussion on this issue.