A group of self-proclaimed “gay furry hackers” says it breached the Heritage Foundation earlier this month, releasing two gigabytes of the right-wing think tank’s internal data on Tuesday. On its Telegram channel, the hacktivist collective SiegedSec — which has previously claimed responsibility for hacking NATO’s computer systems — said the Heritage hack was part of its #OpTransRights campaign, which also targeted the far-right media outlet Real America’s Voice and the Hillsong megachurch. The group also cited their objections to Project 2025, the Heritage Foundation’s policy proposal for a second term for former President Donald Trump, as a motivating factor.

In an email to The Verge, Heritage Foundation spokesperson Noah Weinrich denied that Heritage had been hacked, calling it a “false narrative and an exaggeration by a group of criminal trolls trying to get attention.”

“An organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor,” Weinrich said in an emailed statement. “The information obtained was limited to usernames, names, email addresses, and incomplete password information of both Heritage and non-Heritage content contributors, as well as article comments and the IP address of the commenter. No Heritage systems were breached at any time, and all Heritage databases and websites remain secure, including Project 2025. The data at issue has been taken down, and additional security steps have since been taken as a precaution.”

The Heritage Foundation claims the alleged hack was an exaggeration for attention, but in the meantime, Mike Howell, the executive director of the foundation’s Oversight Project, has triumphantly taken credit for disbanding “the Gay Furry Hackers.”

SiegedSec has released chat logs of a conversation one of its members claimed to have with Howell on Signal. The chat logs show a person who claims to be Howell asking a SiegedSec member why the group hacked the Heritage Foundation and threatening to expose the hackers. 

We are in the process of identifying and outting members of your group

Reputations and lives will be destroyed 

Closeted Furries will be presented to the world for the degenerate perverts they are 

You cannot hide Your means are miniscule compared to mine. You now can either turn yourself in or you can cooperate

Howell confirmed the legitimacy of the messages in an X exchange with a Daily Dot reporter.  

Weinrich did not comment on the alleged messages between Howell and SiegedSec.

The messages also show Howell claiming to be “tied up with the fbi issuing a 2702 order” on SiegedSec’s social media. SiegedSec has indeed disbanded, a decision its members attribute to their “own mental health, the stress of mass publicity, and to avoid the eye of the FBI.”

A SiegedSec representative who goes by vio told The Verge they “completely expected” Heritage to deny that it had been hacked. “Many companies try denial to save face,” vio said. “The server we hacked was linked to The Daily Signal, and the server was named ‘first-heritage-foundation’. Clearly, Heritage was genuinely hacked.”

“Mike’s threats and insults showed anger that confirmed what Heritage denied,” vio said.

In a statement on Telegram, SiegedSec said the goal of the hack was to draw attention to — and combat — the Heritage Foundation’s anti-LGBT and anti-abortion policy proposals.

“The Heritage Foundation is a conservative think tank in America, among the most influential public policy organizations,” one SiegedSec member wrote on Telegram. “This organization is responsible for leading Project 2025, an authoritarian Christian nationalist plan to reform the United States government.” The hacked data, which was reviewed by CyberScoop, includes Heritage Foundation blogs and material related to The Daily Signal, a news website affiliated with the organization. 

Heritage published Project 2025, its sweeping recommendations for a second Trump term, in April 2023, with a “broad coalition” of more than 100 other conservative organizations. The 900-plus-page “mandate for leadership” touches on virtually every sector of the executive branch, from the White House to the bevy of federal agencies under the president’s control.

Broadly speaking, its recommendations involve expanding presidential power, purging federal agencies of career employees, and replacing them with Trump loyalists. The mandate calls for dismantling entire federal departments — including the departments of Commerce, Education, and Homeland Security, the latter of which would be replaced with a new agency that is more extreme in its mission and less subject to oversight. Project 2025 also urges Trump to reverse the Food and Drug Administration’s approval of abortion pills, eliminate policies that promote “abortion as health care,” outlaw pornography, and shut down “telecommunications and technology firms that facilitate its spread.” 

The mandate’s chapter on the Federal Communications Commission — written by Brendan Carr, the agency’s head under Trump — calls for the imposition of “transparency rules on Big Tech” and an overhaul of Section 230 of the Communications Decency Act, the law that states that “interactive computer services” can’t be treated as the publishers or speakers of third-party content published on their platforms. Carr claims that Section 230 allows tech companies to “censor protected speech,” echoing claims that major social media companies suppress right-wing viewpoints.

Trump recently attempted to distance himself from Project 2025, claiming he has “no idea” who is behind the plan — even though a CNN analysis found that more than 140 former members of his administration were involved in drafting the mandate.