The House chief administrative officer on Monday warned Capitol Hill staffers that information stored in the breached iConstituent system "should be considered compromised" in the wake of a high-profile hacker attack on the email newsletter service.
"The CAO has confirmed with iConstituent that the hackers accessed the underlying operating system of the eNewsletter server within iConstituent’s infrastructure," House Chief Administrative Officer Dan Strodel wrote in an email sent Monday to all House chiefs of staff, obtained by The Hill. "All information on the impacted iConstituent system should be considered compromised."
"It is the CAO’s understanding this information includes at a minimum: account names, address and email addresses of contacts and distribution lists. In our estimate, more disclosures may happen," Strodel added.
Last week a Twitter account affiliated with the hacker group Anonymous claimed that it posted the email addresses and alleged passwords of hundreds of House and Senate staffers online. The leaked data ultimately turned out to be congressional aides’ expired login information for an outside email newsletter service by iConstituent, which is used by staffers to send newsletters to constituents back in lawmakers' home districts.
Strodel said his office has also contacted Twitter about the security breach and the San Francisco-based company has reset the passwords for all the Twitter accounts with email addresses that matched the ones posted online by the hackers last week.
In the email, Strodel emphasized that the House network was not compromised by the breach. However, House staffers with accounts for iConstituent's email newsletter service will have to change their House network login password on Monday, he said.
On Monday afternoon the Chief Administrative Office will hold a meeting for House offices affected by the hacker attack, which iConstituent executives will participate in.