House Republican campaign arm hacked during 2018 election

The breach exposed thousands of NRCC emails to the attacker and appears to be the work of a sophisticated actor, a source familiar with the matter told CyberScoop.
NRCC hack
(Image from NRCC Website/Remixed by Greg Otto)

The National Republican Congressional Committee — the House GOP’s campaign organization — suffered a cyber-intrusion during the 2018 election, a committee spokesman said Tuesday.

“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” NRCC spokesman Ian Prior said in a statement.

“The cybersecurity of the committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Prior, a vice president at Mercury Public Affairs, a firm helping the NRCC respond to the breach.

The NRCC had no further details beyond the statement.


The hack compromised thousands of NRCC emails and appears to be the work of a sophisticated actor, a source familiar with the matter told CyberScoop.

Politico was first to report on the NRCC breach, citing three senior party officials. Those officials would not say who was behind the hack, but “they privately believe it was a foreign agent” due to the nature of the breach, Politico reported. The email accounts of four senior NRCC officials were compromised in the hack, the report said.

In a statement, cybersecurity firm CrowdStrike said that the NRCC had asked the firm to investigate the breach in April. “Prior to the incident, CrowdStrike was helping to protect NRCC’s internal corporate network, which was not compromised in this incident,” added CrowdStrike, which also helped the Democratic National Committee respond to its 2016 breach.

The 2016 hack of the DNC and the Democratic Congressional Campaign Committee by Russian agents was a key moment in the presidential campaign. Through proxies like Wikileaks, the Russians released thousands of DNC emails in an effort to undermine the Democrats and the candidacy of Hillary Clinton.

President Donald Trump has publicly taunted the DNC for the 2016 breach and claimed that the Republicans had stronger cybersecurity. In July, Trump told CBS News that the DNC “should be ashamed of themselves” for the 2016 hack.


“I heard they were trying to hack the Republicans, too,” Trump added. “But, and this may be wrong, but they had much stronger defenses.”

In the aftermath of the 2016 election and in preparation for the 2018 midterms, Democrats and Republicans ramped up cyberdefenses for their campaign infrastructure. While U.S. election officials hailed progress in security, it ultimately wasn’t enough to come away from the election season unscathed.

Update, 6:01 p.m. ET: This story has been updated with a statement from CrowdStrike.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts