Leak of Personal and Work Details of ICE and Border Patrol Employees
Personal and work-related details of roughly 4,500 US ICE and Border Patrol employees were allegedly leaked online and shared with ICE List, a site describing itself as an “accountability” project. Reporting indicates the exposed data includes names, work email addresses, phone numbers, job roles, and some résumé-style information; early reviews cited in coverage suggest about 80% of those listed may still be employed by DHS. Multiple accounts attribute the disclosure to a DHS whistleblower and describe it as a major exposure of federal staff data, with estimates including roughly 1,800–2,000 frontline agents and about 150 supervisors among those affected.
The alleged leak followed intense public backlash after the fatal shooting of Renee Nicole Good in Minneapolis, in which ICE agent Jonathan Ross has been widely identified as the shooter. Separate reporting describes broader legal and political fallout around DHS/ICE operations and scrutiny of Ross’ conduct, including court testimony and disputes over subpoenas seeking identifying information about social media users posting about ICE activity; however, those items are adjacent context rather than direct reporting on the staff-data leak itself.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
DHS condemns the alleged doxxing of ICE and Border Patrol personnel
After reports of the leak emerged, DHS officials publicly denounced the exposure of employee information as dangerous to officers and their families. DHS Assistant Secretary Tricia McLaughlin said the release could amount to '4,500 felonies.'
Leaked DHS employee data is provided to and published via ICE List
The allegedly stolen dataset was reportedly given to ICE List, a volunteer-run or journalistic accountability website that said it would publish most verifiable names while excluding some categories such as certain roles. Early analysis cited by the site said the data covered around 1,800 frontline agents and 150 supervisors, with about 80% of identified staff still employed by DHS.
Alleged DHS whistleblower leaks data on about 4,500 ICE and Border Patrol staff
Following the shooting, a person described as a DHS whistleblower allegedly disclosed sensitive personal and employment information for roughly 4,500 ICE and U.S. Border Patrol employees. The exposed data reportedly included names, work emails, phone numbers, job roles, and some résumé or work-history details.
Renee Nicole Good is fatally shot by an ICE agent in Minneapolis
On 2026-01-07, Renee Nicole Good was reportedly killed in Minneapolis, Minnesota, by ICE agent Jonathan Ross. The shooting was described as the catalyst for protests, internal outrage, and the subsequent alleged data leak.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Leaked Data Exposes Thousands of Border Patrol, ICE Agents After Renee Good Shooting
techrepublic.com
Open sourcePersonal Details of Thousands of Border Patrol and ICE Agents Allegedly Leaked in Huge Data Breach - DataBreaches.Net
databreaches.net
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
DDoS Attack Takes Down ICE List Doxxing Site After Leak of DHS-Sourced Agent Data
**ICE List**, a website publishing personal details of U.S. Immigration and Customs Enforcement (ICE) officers and Border Patrol agents, was reported offline following a sustained **distributed denial-of-service (DDoS)** attack that the site’s administrator, Dominick Skinner, attributed to traffic largely originating from **Russia** and routed through proxies. Skinner said the attack’s use of proxy infrastructure made attribution difficult, but described it as unusually long-running and sophisticated; the site is reportedly hosted in the **Netherlands**, complicating potential U.S. takedown efforts. Reporting indicated the disruption followed Skinner’s stated intent to release data on nearly **4,500** immigration personnel allegedly obtained from the U.S. Department of Homeland Security via a whistleblower. The exposed dataset was described as including **names, phone numbers, email addresses, job titles**, and other identifying information, prompting criticism from DHS that the site enables **doxxing** of federal personnel; Skinner reportedly said he planned to withhold some categories of names (e.g., nurses and childcare workers) while publishing most others.
Mar 21, 2026
Hacktivists Claim DHS Breach and Leak ICE Contractor Records via DDoSecrets
A self-described hacktivist group calling itself **“Department of Peace”** claimed it breached **U.S. Department of Homeland Security (DHS)** systems and exfiltrated internal records tied to **Immigration and Customs Enforcement (ICE)** contracting. The group published the material via the transparency collective **Distributed Denial of Secrets (DDoSecrets)**, and reporting indicates the dataset contains **6,600+ contractor-related records** listing thousands of companies associated with federal immigration enforcement contracts, including major vendors such as **Microsoft**, **Oracle**, **Palantir**, **Raytheon**, and **Anduril**. The alleged source of the leaked records was described as DHS’s **Office of Industry Partnership**, a unit involved in procuring technology from the private sector. As of the reporting cited, **DHS had not publicly confirmed** the intrusion or validated the authenticity and provenance of the released data, leaving the breach claim unverified while the documents circulate publicly via the DDoSecrets-hosted release.
Mar 21, 2026
US Government Efforts to Identify Anti-ICE Activists and a StopICE Service Compromise
The US Department of Homeland Security has reportedly used **administrative subpoenas** to pressure tech companies to disclose identifying data about anonymous accounts and individuals critical of the Trump administration, including accounts sharing information about local **ICE immigration raids**. The reporting highlights that administrative subpoenas—unlike judicial subpoenas—do not require a judge’s approval and can seek metadata and account-identifying details (e.g., login times, devices, and associated email addresses), raising concerns about oversight and potential chilling effects on speech. Separately, the anti-ICE alert service **StopICE** reported its app and website were attacked, with users receiving texts claiming their information had been “compromised and sent to the authorities,” alongside disparaging messages about the developer. StopICE administrators and the developer disputed claims that sensitive personal data (names, addresses, GPS/location histories) was stolen, stating the service does not collect/store that information, while also noting the platform faces heavy hostile activity including frequent **DDoS** attempts; the service blamed a **US Customs and Border Protection (CBP)** agent for the attack, though that attribution was not independently confirmed in the reporting.
Mar 21, 2026