Thousands of emails from senior aides at the National Republican Congressional Committee were compromised in a hack officials first detected in April but only publicly acknowledged this week, according to a Politico report.
A managed security services provider (MSSP) that was monitoring the NRCC’s network detected that the email accounts of four senior aides at the House GOP’s campaign arm were being surveilled. The MSSP notified the committee, which launched an internal investigation and alerted the FBI, Politico reported, citing three senior party officials.
The officials told Politico they believed a foreign agent was behind the attack, which they said hadn’t compromised donor information.
They also said the committee decided not to inform the public about the hack because the internal investigation was still pending.
Several senior House Republicans — including Speaker Paul Ryan (R-Wis.), House Majority Leader Kevin McCarthy (R-Calif.) and Majority Whip Steve Scalise (R-La.) ― also did not know about the hack until this week, according to Politico.
Mercury Public Affairs, which the NRCC hired to manage the response to the hack, confirmed the attack.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” Ian Prior, a vice president at Mercury, told Politico. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”
The NRCC and the Department of Justice did not immediately respond to HuffPost’s requests for comment.
News of the cyber attack comes just months after House Republicans withdrew from bipartisan negotiations on a deal that would have prevented both parties from using hacked materials during the midterm election cycle. The deal was a key step toward regulating how committees and candidates respond to such attacks, especially after Russian hackers leaked thousands of pages of Democratic documents during the 2016 presidential election.
But Republicans believed provisions that would bar candidates from seizing on hacked or stolen material that had already entered the public domain via news outlets were overly prohibitive.
The NRCC leaders withdrew from the deal in September, which would mean they had already known about their own hack for nearly six months.
The attack may undermine President Donald Trump’s claim in July that Republicans are better than Democrats at cybersecurity.
“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses, and they were able to be hacked,” Trump told CBS News, referring to the 2016 attack. “I heard they were trying to hack the Republicans, too. But, and this may be wrong, but they had much stronger defenses.”