Republican Donors’ Payment Card Information At Risk
With the general election just a few weeks away, Republican donors received some bad news.
First, anyone who donated to Senate Republicans in the past six months may have had their credit card information stolen, as the National Republican Senatorial Committee (NRSC) was infected with malware in March.
Dutch security researcher Willem de Groot, who was the first to report the breach, said the attackers were able to use security vulnerabilities and weak passwords to infect the NRSC systems with malware. The organization was one of 5,900 ecommerce sites targeted by the group.
Since the initial attack, only 630 websites have rid their systems of the malware, according to de Groot. He also said 754 of these websites could have been attacked as early as 2015. The malware can go undetected for a long period because it is silently installed in a webpage’s code and appears normal to an untrained eye. It can also run on secure “https” pages.
In other donor-related news, the Center for Public Integrity reported this weekend that a pro-Donald Trump super PAC may also have been the source of a data breach, though not because of a hack. On Thursday night, the Great America PAC allegedly published the credit card numbers and expiration dates of 49 donors by mistake. The Center for Public Integrity found the credit card numbers while reviewing the super PAC’s September Federal Election Commission (FEC) campaign finance disclosures.
This comes one month after the super PAC erroneously revealed the cell phone numbers and/or email addresses of 336 of its donors.
Dan Backer, Great America PAC’s treasurer, blamed “an isolated software glitch in an otherwise automated process” for the mistake.
Backer said he would contact affected donors and encourage them to cancel their credit cards. He would also offer “long-term extended identity theft monitoring and protection” and give a refund to anyone who requested one.
“Going forward, there’s going to be some unpleasant conversations with the compliance staff about these issues,” Backer added.