Date: Mar 2016

Location: Russia

Summary

Hackers believed to be linked to Russia compromised the National Republican Senatorial Committee's web store, stealing donors' credit card information over approximately six months. The breach, part of a larger campaign affecting thousands of e-commerce sites, involved exfiltrating payment data to servers in Belize operated by a Russian-language internet service provider. Security researchers indicated the stolen financial details were likely sold on the dark web, exposing individuals who made purchases or donations through the organization's website.


Description

In early October 2016, Dutch security researcher Willem De Groot disclosed a sustained cyberattack against the National Republican Senatorial Committee (NRSC) that compromised donor financial information. The breach targeted the NRSC's web store, which processed donations and merchandise purchases, with attackers installing credit card skimming malware on the payment portal. Evidence indicated the intrusion had persisted undetected for approximately six months prior to discovery, dating back to at least March 2016. De Groot's analysis revealed the NRSC was among more than 5,900 e-commerce platforms compromised by the same threat actor group during this period. The skimming operation captured sensitive payment card details—including card numbers, expiration dates, and security codes—from individuals who transacted through the NRSC website. Forensic examination of network traffic showed the stolen data was systematically exfiltrated to external servers rather than being stored locally on NRSC systems.


The compromised financial records were transmitted to a network of servers physically located in Belize but administered by a Russian-language internet service provider, suggesting potential operational ties to Russian-based threat actors. Security analysts assessed that the stolen payment card data was likely aggregated for resale on dark web marketplaces, exposing donors to fraudulent transactions and identity theft. The breach specifically impacted individuals who donated to or purchased merchandise from Republican campaigns via the NRSC portal during the six-month compromise window. No evidence suggested broader network infiltration beyond the payment processing systems of the web store. The scale of the campaign—affecting thousands of commercial sites alongside the political committee—indicated a financially motivated operation targeting vulnerable e-commerce platforms rather than exclusively political entities.
