National Republican Campaign Committee has launched internal investigation into ‘cyber intrusion’ and notified the FBI.

The campaign arm for Republican congressional candidates fell victim to a cyberattack in April by an unidentified intruder, people familiar with the matter said on Tuesday, fueling concerns that the 2018 election campaign may have been more seriously targeted by hackers than previously known. The identity of the hacker wasn’t clear, but one person familiar with the investigation said it was believed the attack was from a foreign operator. Other people said they couldn’t attribute the source of the hack but that it was carried out by a sophisticated actor. The hacker didn’t directly breach the network belonging to the National Republican Congressional Committee but instead maliciously accessed confidential committee emails that were being hosted by a third-party cloud-service provider through a password compromise, people familiar with the investigation said. In a brief statement, a spokesman for the NRCC confirmed that an intrusion had taken place but declined to offer further details, citing an ongoing investigation into the breach. “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” the spokesman said. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”

Some former officials and cybersecurity experts faulted the NRCC for not publicly disclosing the attack. “Not disclosing the hack of their systems endangered the elections,” said Brett Bruen, a former national security official in the Obama administration and current president of the Global Situation Room, a crisis communications firm. “The information extracted from this operation could have been of extremely high value for foreign intelligence services,” Mr. Bruen said.

Russian trolls and hackers mostly sat on the sidelines during the 2018 midterm election. While a limited amount of disinformation was detected, Russia didn’t engage in the same widespread campaign intended to disrupt the election, according to U.S. officials and cybersecurity companies looking for evidence of Russian interference.

More From The Wall Street Journal (subscription required):