Republican Donors’ Payment Card Information At Risk

October 24, 2016, Written By Bill Hardekopf

With the general election just a few weeks away, Republican donors received some bad news.

First, anyone who donated to Senate Republicans in the past six months may have had their credit card information stolen, as the National Republican Senatorial Committee (NRSC) was infected with malware in March.

Dutch security researcher Willem de Groot, who was the first to report the breach, said the attackers were able to use security vulnerabilities and weak passwords to infect the NRSC systems with malware. The organization was one of 5,900 ecommerce sites targeted by the group.

Since the initial attack, only 630 websites have rid their systems of the malware, according to de Groot. He also said 754 of these websites could have been attacked as early as 2015. The malware can go undetected for a long period because it is silently installed in a webpage’s code and appears normal to an untrained eye. It can also run on secure “https” pages.

“One reason that many hacks go unnoticed is the amount of effort spent on obfuscating the malware code,” said de Groot. “Earlier malware cases contained pretty readable Javascript but in the last scan more sophisticated versions were discovered. Some malware uses multi-layer obfuscation, which would take a programmer a fair bit of time to reverse engineer.”

In other donor-related news, the Center for Public Integrity reported this weekend that a pro-Donald Trump super PAC may also have been the source of a data breach, though not because of a hack. Thursday night, the Great America PAC allegedly published the credit card numbers and expiration dates of 49 donors by mistake. The Center for Public Integrity found the credit card numbers while reviewing the super PAC’s September Federal Election Commission (FEC) campaign finance disclosures.

This comes one month after the super PAC erroneously revealed the cell phone numbers and/or email addresses of 336 of its donors.

Dan Backer, Great America PAC’s treasurer, blamed “an isolated software glitch in an otherwise automated process” for the mistake.

Backer said he would contact affected donors and encourage them to cancel their credit cards. He would also offer “long-term extended identity theft monitoring and protection” and give a refund to anyone who requested one.

“Going forward, there’s going to be some unpleasant conversations with the compliance staff about these issues,” Backer added.



The information contained within this article was accurate as of October 24, 2016. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website.