The investigators are warning that hackers could exploit security flaws to access sensitive and personal information on hundreds of thousands of people.
Covered California said there’s been no evidence anyone’s information has been compromised.
But, the Government Accountability Office said the flaws are there, and haven’t been fixed yet. The GAO, the investigative arm of Congress, shared its findings with state officials last September.
Security flaws were also found in the websites for the Kentucky, and Vermont exchanges.
The GAO has recommended that Covered California monitor cyber-security for those sites.