Cyber Incident Victim: Planned Parenthood
Date:
Jul 2015
Location:
United States of America
Summary
Planned Parenthood experienced a cyberattack by politically motivated hackers opposing abortion practices, resulting in the release of website databases and employee names and email addresses, though patient and affiliate employee data remained uncompromised. The attackers, operating under the pseudonym 3301, utilized a Blind SQL injection technique and attempted but failed to deface the organization’s website or redirect it due to backend configuration issues. They publicly justified the breach as retaliation against the organization’s activities and indicated intent to release internal emails. The victim organization, initially unaware of the intrusion, launched an investigation and engaged law enforcement, including the FBI and Department of Justice, to address the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 27, 2021, anti-abortion hackers breached Planned Parenthood's systems, releasing website databases and employee names and email addresses. The attack occurred late Sunday night, with the hackers publicly disclosing the stolen data shortly afterward. The group, self-identifying as "3301" but unrelated to the known Cicada 3301 cryptographer collective, cited opposition to Planned Parenthood's abortion services and fetal tissue donation practices as motivation. They specifically referenced controversy stemming from a recently released edited video depicting a Planned Parenthood director discussing legal fetal tissue donations. The hackers employed a Blind SQL injection attack to exploit vulnerabilities in Planned Parenthood's web database infrastructure. While they successfully exfiltrated data, their attempts to deface the website or redirect traffic to their Twitter account failed due to what they described as Planned Parenthood's "terribly configured" backend systems limiting further administrative access. The attackers announced intentions to decrypt and release internal Planned Parenthood emails in the future, though no emails appeared in the initial data dump.
Planned Parenthood's Chief Information Officer Tom Subak initially stated the organization had no prior indication of a security breach, noting their systems had not flagged suspicious activity. Executive Vice President Dawn Laguens later confirmed an investigation into the claims, characterizing the incident as part of an ongoing harassment campaign against the organization. The breach did not compromise patient data or information from affiliate organizations. By the afternoon of July 27, Planned Parenthood disclosed collaboration with the Department of Justice and FBI in their investigation, alongside engagement with cybersecurity experts to manage the attack. The hackers framed their actions as exposing Planned Parenthood's "atrocious monstrosity" through data exposure, while the organization maintained its security protocols and condemned the intrusion as a politically motivated escalation of anti-abortion activism.