Planned Parenthood Breach Highlights Shift Toward More Malicious Competitive Attacks

The attack targets are shifting. Security experts say that the politically motivated attack on Planned Parenthood this week is only the latest example of a move for some hackers from financially motivated to ideological attacks.

Planned Parenthood confirmed that it was the victim of a cyberattack and it has contacted the Department of Justice and the FBI. The attack, first reported by the Daily Dot, was politically motivated by a hacking group calling themselves 3301 who say they oppose Planned Parenthood's abortion practices.

The hackers used a Blind SQL method (which attacks the SQL database with queries to retrieve data) to access the organization's website databases, and names and emails of Planned Parenthood employees, according to the Daily Dot, which said it was in contact with the hackers. The hackers, who called themselves "social justice warriors," told the publication that they also plan to decrypt and release internal emails.

[Related: The 10 Biggest Data Breaches Of 2015 (So Far)]

Security experts said the breach shows a changing tone in the threat landscape, from attackers looking to prove their hacking skills or see financial gains to more malicious and motivated attacks on competitors or groups that disagree with an organization's mission.

"I think that we're entering a new age of people with discontent doing harm [through hacking]," said Erik Wilson, owner of Palatine, Ill.-based Auryn Technology. "That's going to be the real issue. ... I think it's people with a motive now. ... It's not a monetary thing that they're after -- it's to make a statement."

That same trend was echoed in the recent breach of adultery site AshleyMadison.com and the high-profile breach last year of Sony, which, among other things, released embarrassing executive emails to the public.

"The retail breaches are all about the money," said Piper Jaffray Senior Research Analyst Andrew Nowinski. "With the Ashley Madison breach and this Planned Parenthood breach, there really is no financial impact or intent. It is more malicious to expose things for their own agenda. ... It is a different type of attack or reason for an attack."

While Nowinski said that the back-to-back ideologically motivated breaches are likely a coincidence, he said the frequency of breaches across all industries is on the rise. With that comes an influx of politically and maliciously motivated attacks, he said.

"It could just be the start," Nowinski said. "We certainly could see more of those [types of attack.]"

As with other breaches, Wilson said, the Planned Parenthood breach highlights the need for companies in any industry to value security over convenience when a customer or employee could be harmed if the information lands in the wrong hands.

For example, with Planned Parenthood, which operates in a sensitive and often controversial health-care area, some clients and employees could be harmed either physically, financially or in reputation if their information were released by politically minded hackers.

"We should do it because it is the right thing to do and explain why the system operates the way it does," Wilson said. "I don't think right now organizations explain that very well right now."

PUBLISHED JULY 28, 2015