Cyber Incident Victim: American Patriots Three Percent
Date:
Mar 2021
Location:
United States of America
Summary
A data breach affecting a right-wing paramilitary organization exposed members' personal information, including names, phone numbers, and photographs, which activists subsequently published on an internet archiving platform. The leaked records revealed participants spanning multiple age groups and diverse backgrounds, with many identifying as former military or law enforcement personnel possessing prior security clearances. Affiliated individuals expressed anger over the incident, citing heightened risks to their personal safety and familial security due to the public disclosure of their involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 3, 2021, activists leaked data from the American Patriots Three Percent website, exposing personal information of members affiliated with the right-wing paramilitary group. The compromised data included full names, phone numbers, and photographs of individuals involved with the organization. According to reporting by The Guardian, the leaked records revealed members ranging in age from their 20s to 70s, drawn from diverse professional backgrounds. Activists obtained the data and subsequently published it on an internet archiving platform, making the information broadly accessible. The American Patriots Three Percent, identified as a militia group, had its membership details disseminated without consent through this action.
The exposure provoked strong reactions from affected members, who expressed anger and concern over potential safety risks. Phillip Whitehead, a member interviewed by phone, confirmed the authenticity of the leaked data and emphasized members' professional backgrounds, stating, "A lot of us are former military, former law enforcement." Whitehead specifically highlighted security implications, noting some members had held high-level security clearances and that the leak endangered both themselves and their families. No official statements from the group's leadership regarding containment measures or technical remediation were documented in available reports. The incident underscored operational security vulnerabilities within the organization, with personal identifiers becoming publicly accessible through the activists' archival efforts.