"DC Health Link Data Breach Blamed on Human Error"

According to Mila Kofman, Executive Director of the District of Columbia Health Benefit Exchange Authority, the recent data breach of personal information for thousands of users of Washington D.C.'s health insurance exchange, including members of Congress, was caused by basic human error.  The data breach was first discovered in early March and included basic personal information, including date of birth, Social Security numbers, and contact information for "56,415 current and past customers including members of Congress, their families, and staff." Kofman stated that her office immediately brought in the FBI Cyber Security Task Force, and the security flaw was quickly tracked down to a particular computer server that was "misconfigured to allow access to the reports on the server without proper authentication.  Based on their investigation to date, they believe the misconfiguration was not an intentional but human mistake." Kofman noted that this security flaw enabled an unidentified hacker to steal two reports that contained the client information, some of which were later offered up for sale in an online forum.  Kofman stated that the stolen data "included that of 17 Members of the House and 43 of their dependents, and 585 House staff members and of their 231 dependents."

NBC Washington reports: "DC Health Link Data Breach Blamed on Human Error"