◆ Personal information from federal lawmakers and congressional staff members was available on the dark web following a breach of DC Health Link, the health insurance marketplace for Washington, D.C.^[1] In an internal memo sent to U.S. House of Representatives staff members, House Chief Administrative Officer Catherine Szpindor informed recipients of the “significant data breach,” and warned them their data may have been compromised. DC Health Link is working with forensic investigators, Szpindor said. The FBI confirmed that account information and personal information belonging to House members and staff was stolen, although it does not appear they were specifically targeted in the attack. The FBI also said that while they believe the individuals selling the stolen information did not seem to be aware of its “high-level sensitivity” at the time, continued publicizing of the event would “certainly change” that. At least 17 current or former members of Congress had personal information exposed, according to CBS News.^[2] Rep. Joe Morelle (D-N.Y.) said hundreds of congressional staff may also have suffered a breach of their personally identifiable information. Morelle, the top Democrat on the House Committee on House Administration, said the panel has launched a review of the breach, in part to measure how many people who work in Congress have had sensitive information exposed. DC Health Link said in a statement that the breach impacted 56,415 individuals. The organization said it has identified two distinct groups of people impacted by the breach.^[3] Group 1 includes individuals whose information was posted publicly on the dark web; those individuals will be provided with three years of free identity and credit monitoring services, DC Health Link said. Group 2 includes individuals whose information was stored in the same manner as those in Group 1 but whose information hasn’t been published online. “These individuals are being notified in an abundance of caution as we cannot say with certainty their information was compromised because we have no evidence of access or download,” DC Health Link’s statement said. All individuals in Group 2 will also be provided with three years of free identity and credit monitoring services. At least two lawsuits against DC Health Link over the breach have been filed and are seeking class-action status.