Skip to main content hacked but no personal data stolen hacked but no personal data stolen


Hacker didn't specifically target the insurance site

Share this story

US government officials have confirmed that a hacker was able to access the earlier this year and upload malicious software to the insurance website. The breach, which was only discovered by the Department of Health and Human Services last week, took place in July. The officials reported the hack marked the first successful attack on, but specified the hacker wasn't specifically targeting the site, and that no personal records of the 5.4 million people who have used the site to buy health insurance since it launched were stolen.

The hacker reportedly uploaded malware that would allow's server to be used as a weapon in a DDoS (distributed denial of service) attack. With the software uploaded, the insurance portal could be coerced into sending huge amounts of traffic to other websites, taking them offline for extended periods of time. The hack was investigated by the Department of Homeland Security itself with help from the FBI and NSA. The agencies have reportedly traced the origin of the attack to IP addresses located outside the US, but they don't believe it was carried out by state-supported hackers.

The hacker uploaded malicious software to

A senior DHS official clarified that such attacks are common, saying "if this happened anywhere other than, it wouldn't be news." But The Wall Street Journal reports that Washington officials are nervy after the breach, which was made possible when a section of the site that was not meant to be connected to the internet was made accessible online while guarded by a simple default password. While no data was apparently stolen, the attack is still damaging: is preparing to offer open enrollment this coming November, and the apparent lack of security will be another stick with which Republican opponents to President Obama's healthcare reforms can beat the campaign after its troubled rollout.