Hacktivists Swipe 200GB of Data in Heritage Foundation Cyber Attack

Published on
heritage foundation cyber attack

Hacktivist group SiegedSec has stolen over 200GB of data from right-wing think tank the Heritage Foundation in a large-scale cyber attack. 

The self-described “gay-furry-hackers” revealed on Tuesday they had released sensitive data including unreleased blogs and material related to The Daily Signal, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022. 

The group says it gained access to the data on July 2 and released it to provide “transparency to the public regarding who exactly is supporting heritage (sic).” 

SiegedSec also claimed to have more than 200 gigabytes of additional “mostly useless” data, which the group said won’t be released. This included passwords and user information for “every user” on its database.

"This itself can have an impact on heritage's (sic) reputation and it'll especially push away users in positions of power," a spokesperson for the group who goes by the online handle “vio” told the publication CyberScoop on Tuesday. "We’re strong against Project 2025 and everything the Heritage Foundation stands for,” 


The cyber attack was carried out as part of SiegedSec’s “#OpTransRights,” campaign, which targets right-wing organisations and anti-LGBTQ+ groups that the group believes threaten trans rights.

SiegedSec has previously included the defacement of government websites and data theft from states either considering or implementing anti-abortion or anti-trans legislation. 

heritage foundation cyber attack

SiegedSec data leak notification following 2023 NATO cyber attack. Source: SOCRadar

Other targets include NATO, right-wing media outlet Real America’s Voice and a transphobic Minnesota pastor, whose Amazon account the group used to buy thousands of dollars worth of inflatable sea lions.

While some LGBTQ+ advocates have said this kind of digital aggression reflects badly on queer activists, SiegedSec wants to fight back against bigots.

In a Telegram statement, SiegedSec said: “The thing is, these types of people will blame the LGBTQ+ community regardless of what we do. They will look for a reason to hate, they won’t listen to reason, they want to spread lies to shun people different from them.”

The group added are committed to: “fighting back in our own way, delivering justice to those who spread hate.”

Political cyber-warfare 

The Heritage Foundation is a tax-exempt organisation that leads Project 2025, a seriesof right-wing policies that claim to reshape the US government and consolidate executive power to the next administration, which would be in 2025 if Republican presidential nominee Donald Trump is to win the 2024 US Presidential Election.

Heritage Foundation president Kevin Roberts has previously vowed to end the so-called “toxic normalisation of transgenderism” and the “propagation of transgender ideology."

Donald Trump’s re-election would likely result in anti-LGBTQ+ laws and revert rights the queer community fought hard for. While Trump has claimed to know nothing about Project 2025, SiegedSec has described it as: “an authoritarian Christian nationalist plan to reform the United States government.”

SiegedSec co-leader, known by the username Vio, told The Intercept: “We’re strong against Project 2025 and everything the Heritage Foundation stands for.”

In addition to targeting Project 2025, hackers from SiegedSec previously infiltrated a transphobic pastor’s US-based church website and used his Amazon account to buy thousands of dollars worth of inflatable sea lions.

“With numerous political elections happening worldwide, it's no surprise that cyber attacks are increasingly targeting this sector,” said Greg Day, VP and global field CISO at Cybereason.

“Organisations involved in elections must swiftly determine whether an attack is a random incident or a targeted one, such as the Heritage Foundation attack. 

“Understanding the motive behind the breach and the actions taken during it is crucial. The ability to respond appropriately and promptly determines the commercial impact of the incident,” Mr Day added.

Heritage has not provided any statement regarding the intrusion, which comes months after its network had been shut down due to a state-sponsored cyber attack.

Join 34,209 IT professionals who already have a head start

Network with the biggest names in IT and gain instant access to all of our exclusive content for free.

Get Started Now