CyberScoop reports that over 1,800 unique data entries belonging to Congress members, family, and staff that were stolen from the DC Health Link breach have been leaked by the threat actor dubbed "Denfur" on Sunday.
Hundreds of names across 20 or more foreign embassies and other employers were also included in the exposed dataset, with Denfur warning that more data from other databases will be leaked in the future. Such data theft was facilitated by a compromise of an exposed database that did not require any verification, according to Denfur, who noted that the database may have been exposed 18 months prior to the breach.
Breach response is still ongoing, said a source close to the matter, who added that the threat actor had to be familiar with the software before compromising DC Health Link. Moreover, only 21 current Congress members had their sensitive data exposed as a result of the incident, noted two senior congressional aides.