Planned Parenthood is having a rough month.
Planned Parenthood has been hacked.
Late Sunday night, a group of hackers who oppose the healthcare nonprofit’s abortion practices released Planned Parenthood’s website databases as well as names and email addresses of the organization’s employees.
It does not appear that the breach exposed the personal data of patients or employees of Planned Parenthood’s affiliate organizations.
The attack on Planned Parenthood follows a storm of controversy over the organization. Anti-abortion activists sparked the uproar earlier this month with the release of an edited video showing a Planned Parenthood director discussing the donation of fetus organs and tissue to medical research facilities, a legal but highly controversial practice.
“Trying to mold an atrocious monstrosity into socially acceptable behaviors is repulsive.”
One of the hackers, who goes by the pseudonym “E,” told the Daily Dot that the cyberattack was politically motivated.
“Trying to mold an atrocious monstrosity into socially acceptable behaviors is repulsive,” said E. “Obviously what [Planned Parenthood] does is a very ominous practice. It’ll be interesting to see what surfaces when [Planned Parenthood] is stripped naked and exposed to the public.”
Planned Parenthood Chief Information Officer Tom Subak told the Daily Dot on Sunday night that the organization was previously unaware of a breach in their systems.
“We think we have really good security, especially on flagging suspicious behavior,” said Subak. “We have not [received any flags].”
Subak was unable to provide additional information early Monday morning.
In a statement emailed to the Daily Dot, Dawn Laguens, executive vice president of Planned Parenthood’s U.S. federation, said they are investigating the hackers’ claims.
“We’ve seen the claims around attempts to access our systems,” said Laguens. “We take security very seriously and are investigating. It’s unsurprising that those opposed to safe and legal abortion are participating in this campaign of harassment against us and our patients, and claiming to stoop to this new low.”
The hackers involved say that they plan to decrypt and release internal Planned Parenthood emails “soon.” No emails have yet been released in the dump. (Editor’s note: The Daily Dot is intentionally not linking to the hackers’ website.)
On the website featuring the database dump, the hackers gave some insight into their possible motivations.
“We’ve noticed quite a lot of attention has been diverted to a supposedly malicious organization known as Planned Parenthood. The actions of this ‘federation’ are not seen as right in the eyes of the public. So here we are, the social justice warriors, seeking to reclaim some sort of lulz for the years and thousands of dollars that Planned Parenthood have wasted and made harvesting your babies.”
The hackers say they used a so-called Blind SQL, an attack that exploits unseen error message returned from a website database. It is “blind” because the attacker does not need to see the error messages to carry out the attack.
The hackers say they attempted to deface Planned Parenthood’s site or have it redirect to the hacker group’s Twitter account. However, they were unable to accomplish this goal because, according to E, Planned Parenthood’s website “backend is so terribly configured,” which thwarted their attempts to gain further administration access to the site.
The group is calling themselves 3301, the same name used by a famous group of secretive cryptographers known as Cicada 3301. The two groups appear to be entirely unrelated.
Update 11am CT, July 27: Added statement from Planned Parenthood’s executive vice president.
Update 3:28pm CT, July 27: The Department of Justice and the FBI are investigating the Planned Parenthood breach, the organization said in a statement. It also said that it was “working with top leaders in this field to manage these attacks.”
Update 8:43pm CT, July 27: Added contextual information about those affected by the breach.
Photo via ctrouper/Flickr (CC BY 2.0)