Heritage Foundation server hacked

An external server held by the Heritage Foundation containing old donor information was hacked, the organization confirmed on Wednesday in response to a report from Politico.

“We experienced a malicious, unauthorized data breach of six-year-old documents on an external server that appear to contain personal information of private donors, who we are notifying. We are unable to verify the authenticity of files circulated online,” Heritage said in a statement. In addition to possibly containing financial information, the server held correspondence between Heritage staff and donors.

Politico pointed out that the breach “occurred at the same time that the foundation’s multimedia news organization, the Daily Signal, has criticized the Obama administration and federal agencies such as the Office of Personnel Management over lax cybersecurity.”

Heritage spokesman Wesley Denton refused to provide further details of the attack, but said the data were separated from more recent information stored on internal servers. It’s unclear when a forensic analysis would determine where the attack originated, and Denton wasn’t prepared to say whether that information would be released. A 2012 attack the organization experienced originated in China.

A Chinese government-backed hacking group called Deep Panda has been known to target national security think tanks with the aim of gathering personal information on government security officials. Its technique is usually based on sending an email that makes sense to the victim given their personal life or line of work. By interacting with the email, victims expose their systems to the hackers. That makes it important for groups such as Deep Panda to continuously gather as much information as they can about the people in the networks they are targeting, and to do it as covertly as possible.

“They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” Dan Blumenthal, director of Asian studies at the American Enterprise Institute, explained to the Washington Post in 2013.

Several breaches of the federal government’s infrastructure this year are believed to have begun in that manner, including breaches of the Office of Personnel Management and a July breach of the Joint Chiefs of Staff servers. Those attacks are believed to have originated in China and Russia, respectively.

Heritage assured the public that its more sensitive information was secure. “Our internal servers were not part of this breach, and we have taken — and will continue to take — all appropriate steps to ensure that our members have the ability to support public policy organizations free from intimidation,” the press release said.
