John Bresnahan, Anna Palmer, and Jake Sherman report that iConstituent, a vendor providing an e-newsletter system used by many members of Congress for constituent outreach, was the victim of a ransomware attack.
The attack has reportedly impacted approximately 60 members of the House from both parties, who have been unable to retrieve constituent information for several weeks. The attack does not affect the House’s own network or systems — at least as far as is known at this time.
Chief Administrative Officer of the House, Catherine Szpindor provided a statement, published by Punchbowl News:
The Office of the Chief Administrative Officer was notified by iConstituent that their e-newsletter system was hit with a ransomware attack. iConstituent’s e-newsletter system is an external service available for House offices to purchase. At this time, the CAO is not aware of any impact to House data. The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.
According to iConstituent’s information, their Constituent Engage Program (CEP) provides a “single platform where you can easily connect with constituents, collaborate on casework, and manage all internal and external communications.
Read more on Punchbowl News.
This incident has not appeared on any dedicated leak site by the time of this publication.
Because CEP may be used for internal communications and casework, DataBreaches.net emailed iConstituent to ask whether the unnamed threat actors may have obtained any internal communications from the offices of government officials. No reply has been received as of the time of this publication.
Editing by Dissent