The campaign organization for House Republicans was the victim of a cyberattack that exposed email accounts to an unknown intruder during the 2018 election cycle, people familiar with the matter said.
It wasn’t known if a foreign government was behind the intrusion into the computer networks of the National Republican Congressional Committee, a person familiar with the case said. But the intruder was “sophisticated, based on their tactics and methods,” and the intrusion “was clearly designed to hide the tracks of who it was,” this person said, speaking on the condition of anonymity because the matter is under investigation.
The intrusion was first reported by Politico, which said senior House Republicans, including Speaker Paul D. Ryan (R-Wis.), as well as rank-and-file members weren’t told of the breach until the news organization inquired about the episode with the committee on Monday.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Ian Prior, a committee spokesman.
“The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter. To protect the integrity of that investigation, the NRCC will offer no further comment on the incident,” Prior said.
[NRCC blows off DCCC request to team up against foreign hackers]
The committee discovered the breach in April, according to a person familiar with the case. Officials conducted an internal investigation and contacted the FBI within days, this person said.
CrowdStrike, a cybersecurity firm, had already been retained by the committee.
The breach was discovered by a different company that was providing “managed security services” to monitor the network for breaches, the person said.
