Threat Management, Email security

Republican Governors Association discloses breach

The Republican Party’s elephant symbol is seen on display Oct. 24, 2000, at the Republican campaign headquarters in El Paso, Texas. (Photo by Joe Raedle/Getty Images)

The Republican Governors Association (RGA) last week disclosed a breach to its email servers between February and March to states' attorneys general and affected parties.

According to information filed with the Maine attorney general's office, the breach was yet another resulting from widespread exploitation of Microsoft Exchange server around that time.

"On March 10, 2021, RGA was alerted to an exploit within its Microsoft Exchange Service email software. This was a widespread exploit at Microsoft that threat actor(s) utilized to attack companies across the globe. Once RGA learned of the exploit, it immediately launched a forensic investigation, with the assistance of global cybersecurity experts, into the nature and scope of the incident," the RGA informed users' whose personal data was taken in the breach, according to a sample email provided to the Maine AG.

In July, the Biden administration attributed the Exchange Server campaign to Chinese intelligence. That confirmed what Microsoft first announced discovering the attacks in March, that the attacks were being run out of China from a group the Redmond computing giant had nicknamed "Hafnium."

While China is typically associated with economic espionage, most nations participate in traditional espionage to determine what policies will affect them. That often involves eavesdropping on policy discussions at softer targets than governments, including political parties, think tanks and policy centers.

The RGA did not immediately reply to a request for comment. But it did tell victims "Out of an abundance of caution, RGA is also offering you two (2) years of complimentary credit monitoring and identity restoration services with Experian. RGA has also notified the Federal Bureau of Investigation, certain state regulators, and the consumer reporting agencies of this incident as required."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.