Cyberthieves stole more than $186,000 from Rep. Diana Harshbarger's campaign committee, federal records show.
The Republican from Tennessee recouped the lost funds.
But others haven't been so lucky as a theft epidemic strikes political committees.
Republican Rep. Diana Harshbarger of Tennessee is the latest victim in a string of financial crimes against federal-level political committees that's quickly reaching epidemic levels.
A cyber thief known only as "Vix" stole more than $186,000 from Harshbarger's campaign account in an "unauthorized fraudulent wire transfer" on July 8, according to records filed with the Federal Election Commission.
The Harshbarger campaign told the FEC that the bank in which the stolen funds were deposited "froze the funds and returned all the money in question," meaning the freshman congresswoman didn't lose the money for long - in contrast to other prominent political committees that have together lost millions of dollars in recent years.
"Our internal controls caught a fraudulent invoice, and steps were taken immediately to rectify the situation, and we recovered the full amount," Zac Rutherford, Harshbarger's congressional chief of staff and senior campaign advisor, said in a statement to Insider. "We reported the crime (or matter) to the FBI and consulted the FEC on how to report this unauthorized expenditure."
Harshbarger's campaign did not elaborate on how, precisely, the money was stolen. But a person familiar with the theft described it as a sophisticated effort with the thief ultimately depositing the Harshbarger campaign's money in a Wells Fargo bank account.
Robert Sumner, spokesperson for Wells Fargo's government relations and public policy team, declined to comment.
In a statement to Insider, the FBI said its "standard practice is to neither confirm nor deny the existence of any investigation, or comment on information we may receive from the public."
FEC spokesperson Judith Ingram said her agency "cannot comment on individual candidates or committees." Ingram noted that the FEC provides detailed guidance to political committees about defending against theft and instructions about what to do if money is stolen from a campaign account.
Epidemic of political theft
Dozens of political committees of all kinds and sizes have lost money at the hands of thieves and embezzlers, according to an Insider analysis of federal campaign finance records.
Among them: President Joe Biden's 2020 presidential campaign, the Republican National Committee, and a host of corporate, union, and ideological PACs. Even a bank's PAC has been struck.
More recently, the American Hospital Association's political action committee and Kanye West's 2020 presidential campaign committee have fallen victim to financial fraudsters.
While most of the thefts are relatively small by political campaign standards - in the hundreds or thousands of dollars - others, such as the one that struck Harshbarger's campaign, reach into the five-, six- or seven-figure range.
Perpetrators prefer cybertheft methods such as phishing. But more old-school techniques, such as stealing or falsifying paper checks, are also common.
Political committees are enticing targets for cybercriminals, said James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization that helps consumers, businesses, and government entities avoid and recover from cybercrime.
"Campaigns often lack the training, awareness, and tools to fight against the well-organized, highly skilled, and relentless cybercrime groups that specialize in phishing attacks," Lee told Insider. "Campaigns also have two things that financially motivated identity criminals want - cash and the personal information of donors. Nation/state threat actors may also be interested in the donor information, depending on the candidate and office the candidate is seeking."
Political committees should take several steps to secure their operations against cyber-threats, Lee said, including:
Training staff members, vendors, and key volunteers with access to the campaign's computer systems to "spot phishing and social engineering attacks."
Using a third-party cybersecurity service to "ensure the campaign's network, databases, and applications are secure and kept up-to-date."
Using multi-factor authentication to access campaign accounts.
Requiring campaign vendors to "meet or exceed the same security standards" as the campaign committee itself.
Practicing "good data minimization protocols." In other words: "Don't collect information you don't need. Don't keep information longer than you need it. Secure information you do keep."
Harshbarger, who easily won a second term in Congress earlier this month, "would be open" to supporting legislation in the next Congress that "helps boost cybersecurity for everyone affected by financial crimes," Rutherford said.