The National Republican Congressional Committee was hacked during the 2018 US midterm elections.
The breach, first reported by Politico, exposed thousands of emails to an unknown hacker.
‘The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,’ Ian Prior, a spokesman for the NRCC, said in a statement. ‘The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.’
The FBI declined to comment.
The NRCC also reported the hack to CrowdStrike, the cybersecurity company that led the investigation on the Democratic National Committee’s hack in 2016.
CrowdStrike acknowledged the NRCC had asked it to ‘unauthorized access’ to the committee’s emails in April. The company had previously helped protect the NRCC’s internal corporate network, which wasn’t affected.
None of the hacked emails were published, and the attackers didn’t contact the NRCC with threats to post them online, according to Politico.
Political organizations and campaigns were on high alert for cyberattacks after a major hack of the DNC in 2016. The Justice Department charged 12 Russian hackers with cyberattacks against the DNC. They infiltrated the Democrats’ email servers and published private messages online.
That included 50,000 emails from John Podesta, who was presidential candidate Hillary Clinton’s campaign manager at the time.
Politically motivated hackers made several attempts during the 2018 elections to access candidates’ emails. Then-Sen. Claire McCaskill, a Democrat from Missouri who was running for re-election, noted that a malicious website was sent to trick her staffers.
In attempts to prevent these cyberattacks, companies like Microsoft would take down phishing pages designed to fool campaign staffers. Google also offered advanced protection to politicians’ emails, through security keys and two-factor authentication.
The NRCC didn’t comment on how it was breached or why it waited until after Election Day to disclose the hack.
‘To protect the integrity of that investigation, the NRCC will offer no further comment on the incident,’ Prior said.