House Republican campaign committee was hacked during 2018 election

Thousands of emails were stolen from the National Republican Congressional Committee.

Alfred Ng Senior Reporter / CNET News

Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

See full bio

Alfred Ng

Dec. 4, 2018 5:38 p.m. PT

2 min read

NRCC Field Office — Volunteers work the phones in a National Republican Congressional Committee field office in California in May. The NRCC was hacked in April.
Photo By Bill Clark/CQ Roll Call

The National Republican Congressional Committee was hacked during the 2018 US midterm elections.

The breach, first reported by Politico, exposed thousands of emails to an unknown hacker.

"The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity," Ian Prior, a spokesman for the NRCC, said in a statement. "The cybersecurity of the Committee's data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter."

The FBI declined to comment.

The NRCC also reported the hack to CrowdStrike, the cybersecurity company that led the investigation on the Democratic National Committee's hack in 2016.

CrowdStrike acknowledged the NRCC had asked it to investigate "unauthorized access" to the committee's emails in April. The company had previously helped protect the NRCC's internal corporate network, which wasn't affected.

None of the hacked emails were published, and the attackers didn't contact the NRCC with threats to post them online, according to Politico.

Political organizations and campaigns were on high alert for cyberattacks after a major hack of the DNC in 2016. The Justice Department charged 12 Russian hackers with cyberattacks against the DNC. They infiltrated the Democrats' email servers and published private messages online.

That included 50,000 emails from John Podesta, who was presidential candidate Hillary Clinton's campaign manager at the time.
Politically motivated hackers made several attempts during the 2018 elections to access candidates' emails. Then-Sen. Claire McCaskill, a Democrat from Missouri who was running for re-election, noted that a malicious website was sent to trick her staffers.

In attempts to prevent these cyberattacks, companies like Microsoft would take down phishing pages designed to fool campaign staffers. Google also offered advanced protection to politicians' emails, through security keys and two-factor authentication.

The NRCC didn't comment on how it was breached or why it waited until after Election Day to disclose the hack.

"To protect the integrity of that investigation, the NRCC will offer no further comment on the incident," Prior said.

Originally published at 10:23 a.m. PT.
Updated at 11:11 a.m.: To note that the FBI declined to comment.
Updated at 5:38 p.m.: Adds CrowdStrike comment.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

CNET's Holiday Gift Guide: The place to find the best tech gifts for 2018.