Hacktivists release two gigabytes of Heritage Foundation data

A politically-oriented cybercrime group carried out the attack in response to Heritage’s Project 2025.
Former President Donald Trump gives a speech on tax reform at the Heritage Foundation's President's Club Meeting at a hotel in Washington, DC, on October 17, 2017. (MANDEL NGAN/AFP via Getty Images)

An established cybercrime group with a track record of attacking political targets posted on Tuesday roughly two gigabytes of data from the Heritage Foundation, a prominent conservative think tank based in Washington, D.C.

Self-described “gay furry hackers,” SiegedSec said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election. Its authors describe it as an initiative “to lay the groundwork for a White House more friendly to the right.”

The data, reviewed by CyberScoop, includes Heritage Foundation blogs and material related to The Daily Signal, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022. 

The group says it gained access to the data on July 2 and released it to provide “transparency to the public regarding who exactly is supporting heritage (sic),” a spokesperson for the group who goes by the online handle “vio” told CyberScoop in an online chat Tuesday.


The data includes the “full names, email addresses, passwords, and usernames” of people associating with Heritage, vio said, including users with U.S. government email addresses. “This itself can have an impact to heritage’s (sic) reputation,” they added, “and it’ll especially push away users in positions of power.” 

A Heritage spokesperson told CyberScoop after publication that the organization was not “hacked.” Instead, the spokesperson said “an organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor. The information obtained was limited to usernames, names, email addresses, and incomplete password information of both Heritage and non-Heritage contributors, as well as article comments and the IP address of the commentor.” 

No Heritage systems were breached at any time, the spokesperson said, and the story of a hack “is a false narrative and an exaggeration by a group of criminal trolls trying to get attention.” 

SiegedSec also claimed to be in possession of more than 200 gigabytes of additional “mostly useless” data, which the group said won’t be released.

The attack was carried out as part of SiegedSec’s “OpTransRights,” campaign, which has previously included the defacement of government websites and data theft from states either considering or implementing anti-abortion or anti-trans legislation.


The Heritage Foundation did not respond to a request for comment Tuesday. The attack marks the second suffered by Heritage this year. In April, a Heritage official told Politico that the think tank had shut down its network in response to a breach by a nation-state hacking group.

Democrats have sought to tie Trump to Project 2025 proposals as an example of what to expect from his second term. Heritage President Kevin Roberts made news last week when he said the American right was “in the process of the second American Revolution, which will remain bloodless if the left allows it to be.”

SiegedSec, which emerged on Telegram in April 2022, has also targeted various NATO portals, the city of Fort Worth and a company involved in the monitoring of offshore oil and gas facilities.

This story was updated July 10, 2024, to include comment from a Heritage Foundation spokesperson.

Latest Podcasts