Unknown hackers had access to email accounts of four senior aides at the National Republican Congressional Committee for months, and neither the House GOP leadership nor the rank and file knew about it, according to a new report.
A vendor detected the improper access to the accounts in April, and informed the NRCC and its cybersecurity contractor, Politico reported on Tuesday citing sources within the Republican Party that wished to remain anonymous.
In an interesting twist, the NRCC’s cybersecurity contractor is Crowdstrike, the same company hired by the Democrats to respond to their 2016 hack, which they blamed on Russia.
Though the FBI was alerted to the attack, the Republican leadership only found out when Politico contacted them with questions on Monday.
An NRCC vendor detected the hack in April and alerted the committee and its cybersecurity contractor.
But senior House Republicans including Paul Ryan, Kevin McCarthy and Steve Scalise were not informed until POLITICO contacted the NRCC on Monday. https://t.co/AOpTqOppvi
— POLITICO (@politico) December 4, 2018
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Ian Prior, a vice president at Mercury Public Affairs, one of the firms the GOP hired to address the breach. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”
The NRCC reportedly paid “hundreds of thousands of dollars” to Mercury and the law firm Covington and Burling to manage the response to the hack.
House Republicans lost 39 seats in the November midterms. It is unclear to what extent, if at all, the NRCC hack could have contributed to that. Donor information was not compromised, the unnamed party officials told Politico.
If you like this story, share it with a friend!