Hackers infiltrated the email accounts of four top National Republican Congressional Committee officials earlier this year, stealing thousands of pages of information and surveilling the officials for months, Politico reported Tuesday.
The hack was first discovered in April by a security services provider monitoring the NRCC network, and referred to the cybersecurity firm Crowdstrike.
None of the information has yet been released publicly, officials said.
The NRCC, an arm of the House of Representatives which works to elect Republicans to Congress, said donor information had not been compromised.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” Ian Prior, vice president at Mercury Public Affairs, which the NRCC hired to handle fallout from the hack, told Politico this week. NRCC officials also hired the Washington-based law firm Covington and Burling to coordinate the response.
“The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” Prior continued. “To protect the integrity of that investigation, the NRCC will offer no further comment on the incident.”
Breaking: Thousands of sensitive emails were stolen from the National Republican Congressional Committee in a major hack during the 2018 election https://t.co/X0CAw2ykuX
— POLITICO (@politico) December 4, 2018
Republican officials have not yet stated who was behind the hack, nor have they identified the kind of information stolen or when the hack was initiated. House Speaker Paul Ryan (R-WI), House Majority Leader Kevin McCarthy (R-CA), and Majority Whip Steve Scalise (R-LA) were kept out of the loop until Monday. Rep. Tom Emmer (R-MN), who is set to take over as NRCC chair, was also briefed on the matter Monday.
NRCC leaders told Politico they withheld details on the hack because their investigation into the matter, assisted by the FBI, was ongoing.
“[…] It’s an ongoing investigation. Let’s say they had access to four active accounts. I think you can draw from that,” a senior party official told the outlet.
Politico notes that cybersecurity remains a top concern of both Republicans and Democrats, who notably suffered a major breach and email leak ahead of the 2016 election, after Russian attackers infiltrated the accounts of Democratic staffers, including Hillary Clinton’s campaign chairman, John Podesta.
Republicans have also been targeted by hackers in the past. In January 2017, then-FBI Director James Comey told lawmakers that hackers had infiltrated the accounts of Republican National Committee staffers, stealing a trove of older emails, from “email domains they were no longer using.”
And in August this year, Microsoft reported that hackers linked to the GRU — the Russian military’s intelligence wing — had targeted the accounts of groups “informally tied to Republicans,” specifically those which had been critical of President Trump’s relationship with Russian President Vladimir Putin.
“These are organizations that are informally tied to Republicans,” Microsoft president Brad Smith told The New York Times. “So we see them broadening beyond the sites they have targeted in the past.”
As Daily Beast reporter Sam Stein noted Tuesday, the NRCC and its counterpart, the Democratic Congressional Campaign Committee (DCCC) were engaged in talks over the summer to discuss a potential “truce” regarding leaked information from hacked materials. Stein wrote that “talks broke down after NRCC refused to commit to not citing/using news reports that were derived from hacked” emails to attack opponents or for campaigning purposes.