The House GOP campaign arm suffered a major hack during the 2018 election, exposing thousands of sensitive emails to an outside intruder, according to three senior party officials.
The email accounts of four senior aides at the National Republican Congressional Committee were surveilled for several months, the party officials said. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated and the FBI was alerted to the attack, said the officials, who requested anonymity to discuss the incident.
However, senior House Republicans — including Speaker Paul Ryan (R-Wis.), House Majority Leader Kevin McCarthy (R-Calif.) and Majority Whip Steve Scalise (R-La.) — were not informed of the hack until POLITICO contacted the NRCC on Monday with questions about the episode. Rank-and-file House Republicans were not told, either.
Rep. Steve Stivers (R-Ohio), who served as NRCC chairman this past election cycle, did not respond to repeated requests for comment.
Committee officials said they decided to withhold the information because they were intent on conducting their own investigation, and feared that revealing the hack would compromise efforts to find the culprit.
"We don't want to get into details about what was taken because it's an ongoing investigation," said a senior party official. "Let's say they had access to four active accounts. I think you can draw from that."
The hack became a major source of consternation within the committee as the midterm election unfolded. The NRCC brought on the prominent Washington law firm Covington and Burling as well as Mercury Public Affairs to oversee the response to the hack. The NRCC paid the two firms hundreds of thousands of dollars to help respond to the intrusion. The committee’s chief legal counsel, Chris Winkelman, devoted hours of his time to dealing with the matter.
Party officials would not say when the hack began or who was behind it, although they privately believe it was a foreign agent due to the nature of the attack.
Not to worry. Probably just a guy sitting on their bed who weighs 400 pounds. Seriously, the thing that is most troubling to me is that this happened after everyone was supposedly made aware of the importance of electronic security. Every Democratic and Republican political entity in the country should be operating under the assumption that someone is trying to read their mail. The "ongoing investigation" sounds like that knowledge of the hacking could have been a closely-held secret in hopes of catching the hacker. Off the top of my head, the fact that Ryan, McCarthy and Scalise were not informed suggests a concern about leaks.
Anyway, it will be fascinating to see where the story leads.