A Nebraska Republican disclosed that Russian government hackers breached his Signal account months ago in a spear-phishing operation, becoming the latest confirmed target in a broad Kremlin campaign against U.S. officials.
Rep. Don Bacon revealed this week that hackers linked to the Russian government gained access to his encrypted Signal messaging account roughly four to five months ago. The Nebraska Republican first disclosed the breach at a cybersecurity conference in Washington, telling attendees he had "just learned Russia hacked my Signal," then elaborated in remarks to Politico. The FBI and House cybersecurity officials are now actively investigating the incident, Bacon said.
The attack was a spear-phishing operation. Bacon told Politico that the operatives posed as a trusted acquaintance to trick him into surrendering account access, a method the FBI and the Cybersecurity and Infrastructure Security Agency have flagged as central to a large-scale Russian Intelligence Services campaign targeting Signal and WhatsApp accounts. The hackers did not break Signal's encryption; they manipulated the user into giving up credentials, according to a joint FBI-CISA advisory issued in March.
Bacon told Politico he does not believe classified information was exposed because he avoids using his personal devices for sensitive government communications. That caution appears to have limited the damage. The Nebraska congressman has been among the Republican caucus's most consistent voices pushing for continued U.S. support in Ukraine's defense against Russia's invasion, a policy stance that makes him a natural target for Kremlin intelligence operations.
This is not Bacon's first confirmed brush with state-sponsored hackers. In 2023, the FBI notified him that Chinese state-linked operatives had compromised his email accounts as part of a broader breach of Microsoft's cloud email systems that struck 22 organizations and more than 500 individuals worldwide, according to reporting by The Washington Post. That breach reached Commerce Secretary Gina Raimondo, the U.S. Ambassador to China, and senior State Department officials. Bacon told the Post at the time that China likely targeted him for his hawkish views on Taiwan and his seat on the House Armed Services Committee.
The two confirmed compromises by America's two principal adversaries leave Bacon in the rare position of having been successfully targeted by both Russia and China. He is not seeking re-election this year.
A Broader Russian Campaign
The Signal breach is not an isolated incident. The FBI and CISA warned in March that Russian intelligence actors have conducted a sustained phishing campaign against current and former U.S. government officials, military personnel, political figures, and journalists, compromising thousands of individual accounts, according to their joint advisory. The operation works by impersonating trusted contacts or platforms to harvest verification codes that allow attackers to link a victim's account to a device they control, giving them access to messages and the ability to send communications as the victim.
Fox News reported on the FBI warning that Russian hackers have specifically targeted high-value political and national security figures through Signal. The Bacon disclosure is the first confirmed case of a sitting U.S. congressman being directly compromised in this Russian operation, though the FBI and House investigators have not said whether other members of Congress were similarly affected.
No congressional leadership has announced new mandatory security protocols since Bacon's disclosure. The FBI-CISA advisory warned that once inside a trusted account, attackers can use it to target further victims in the contact list, meaning a single breach can cascade quickly through a lawmaker's network of colleagues and staff.
Investigators will now determine whether Bacon's account was used to contact other members of Congress or Hill staff during the four to five months Russia held access, a window stretching back to roughly late January or early February 2026. The scope of the damage depends on who was in his Signal contact list and how actively operatives exploited that access. With the midterm cycle underway and foreign adversaries actively targeting elected officials, the pressure on House leadership to tighten communications security will only grow.
Also read: NASA Chief Defends All-Male Artemis III Crew as Merit-Based Selection • Trump nominates CFPB veteran Brian Johnson to permanently lead the bureau • Trump says the U.S. will not renew USMCA and pushes Canada and Mexico into bilateral talks
