The email accounts of leading National Republican Congressional Committee officials were hacked during the 2018 midterm election, according to a report.
The email accounts of four senior aides at the National Republican Congressional Committee were surveilled for several months, party officials said. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated and the FBI was alerted to the attack, said the officials, who requested anonymity to discuss the incident.
Politico, citing unnamed party officials, reports the culprit surveilled the emails accounts of four top NRCC aides for “several months.” A vendor of the House Republican campaign arm alerted officials of the breach in April, prompting the FBI to launch an investigation into the matter.
Politico reports:
However, senior House Republicans — including Speaker Paul Ryan (R-Wis.), House Majority Leader Kevin McCarthy (R-Calif.) and Majority Whip Steve Scalise (R-La.) — were not informed of the hack until POLITICO contacted the NRCC on Monday with questions about the episode. Rank-and-file House Republicans were not told, either.
…
Committee officials said they decided to withhold the information because they were intent on conducting their own investigation, and feared that revealing the hack would compromise efforts to find the culprit.
…
The hack became a major source of consternation within the committee as the midterm election unfolded. The NRCC brought on the prominent Washington law firm Covington and Burling as well as Mercury Public Affairs to oversee the response to the hack. The NRCC paid the two firms hundreds of thousands of dollars to help respond to the intrusion.
“We don’t want to get into details about what was taken because it’s an ongoing investigation,” one party aide told Politico. ”Let’s say they had access to four active accounts. I think you can draw from that.”
According to the report, sensitive donor data was not breached during the hack.
In a statement, Mercury Vice President Ian Prior confirmed the email breach had occurred and an investigation is underway. “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity. The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Prior.
“To protect the integrity of that investigation, the NRCC will offer no further comment on the incident,” he added.
The FBI has not yet issued a statement regarding the matter.