U.S. Agencies Expand Efforts to Identify and Share Data on Immigration-Related Targets
Reporting indicates the U.S. Department of Homeland Security (DHS) has significantly increased its use of administrative subpoenas—which do not require judicial approval—to obtain identifying information for anonymous social media accounts that criticize ICE or post information about ICE agent locations. According to the New York Times (as cited by TechCrunch), DHS sent hundreds of subpoenas to major platforms including Google, Meta, Reddit, and Discord, and some companies reportedly complied in at least some cases; Google said it notifies users when possible and challenges subpoenas it views as overbroad.
Separately, a court filing disclosed that the IRS improperly overshared immigrants’ personal data with DHS/ICE under an April 2025 IRS–DHS data-sharing arrangement intended to support certain non-tax criminal investigations under IRC Section 6103 exceptions. After ICE requested 1.28 million addresses, the IRS could verify 47,289 individuals, and for a subset (reported as under 5% of verified matches) the IRS mistakenly provided ICE with additional address information beyond what ICE had supplied, raising concerns that the interagency data-sharing deal increased exposure of sensitive taxpayer information.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Platforms reportedly comply with some DHS subpoenas
The New York Times reported that Google, Meta, and Reddit complied in at least some cases with DHS administrative subpoenas seeking identifying information on anonymous anti-ICE social media accounts.
DHS withdraws some Instagram subpoenas after lawsuits
Bloomberg reported five cases in which DHS sought to identify anonymous Instagram account owners, then withdrew the subpoenas after the account owners sued.
IRS improperly discloses extra immigrant address data to ICE
A court filing disclosed that for fewer than 5% of verified individuals, the IRS mistakenly provided ICE with additional address information when ICE's original information was incomplete, constituting an improper disclosure of taxpayer data.
ICE submits 1.28 million address requests to the IRS
Under the IRS-DHS arrangement, ICE requested address information for 1.28 million individuals tied to non-tax criminal investigations. The IRS was able to verify 47,289 of those individuals against its records.
DHS expands use of administrative subpoenas to identify anti-ICE accounts
In recent months, DHS reportedly made broad use of administrative subpoenas to unmask anonymous social media accounts critical of ICE or sharing agents’ locations, sending hundreds of requests to platforms including Google, Reddit, Discord, and Meta.
IRS and DHS sign immigrant data-sharing agreement
In April 2025, the IRS and Department of Homeland Security agreed to share certain immigrant-related data for criminal investigations, subject to privacy-law and Internal Revenue Code Section 6103 limits.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Homeland Security reportedly sent hundreds of subpoenas seeking to unmask anti-ICE accounts | TechCrunch
techcrunch.com
Open sourceIRS Improperly Shares Immigrants’ Data with ICE: Explained - DataBreaches.Net
databreaches.net
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
US Government Efforts to Identify Anti-ICE Activists and a StopICE Service Compromise
The US Department of Homeland Security has reportedly used **administrative subpoenas** to pressure tech companies to disclose identifying data about anonymous accounts and individuals critical of the Trump administration, including accounts sharing information about local **ICE immigration raids**. The reporting highlights that administrative subpoenas—unlike judicial subpoenas—do not require a judge’s approval and can seek metadata and account-identifying details (e.g., login times, devices, and associated email addresses), raising concerns about oversight and potential chilling effects on speech. Separately, the anti-ICE alert service **StopICE** reported its app and website were attacked, with users receiving texts claiming their information had been “compromised and sent to the authorities,” alongside disparaging messages about the developer. StopICE administrators and the developer disputed claims that sensitive personal data (names, addresses, GPS/location histories) was stolen, stating the service does not collect/store that information, while also noting the platform faces heavy hostile activity including frequent **DDoS** attempts; the service blamed a **US Customs and Border Protection (CBP)** agent for the attack, though that attribution was not independently confirmed in the reporting.
Mar 21, 2026
ICE Expands Use of Commercial and Technical Surveillance Data for Immigration Enforcement
U.S. Immigration and Customs Enforcement (**ICE**) is exploring expanded access to commercially available data from online advertising and technology brokers to support investigations, issuing a **Request for Information (RFI)** to understand the availability of personal, financial, location, and health data and how it could be provided to federal investigative entities. The effort is framed as market research rather than a direct procurement, and follows an earlier RFI seeking open-source intelligence and social media data to improve targeting for ICE’s Enforcement and Removal Operations. Privacy and civil liberties advocates warn that purchasing brokered data can function as a workaround to traditional warrant requirements, and point to proposed legislation such as the **Fourth Amendment Is Not For Sale Act** as a potential constraint on government acquisition of data that would otherwise require judicial authorization. Reporting on ICE’s broader deportation and enforcement posture describes the agency’s reliance on multiple surveillance technologies to identify and track individuals, including **cell-site simulators** (also known as *stingrays* / **IMSI catchers**) that impersonate cellular towers to locate and potentially identify nearby phones. The coverage also highlights legal controversy around enforcement tactics, including allegations of warrantless home entry that legal experts argue conflicts with **Fourth Amendment** protections. Separately, European policymakers are described as reassessing dependence on U.S. technology amid geopolitical tensions and sanctions risk, but that discussion is not specific to ICE’s surveillance or data-broker acquisition activity.
Mar 21, 2026
US and UK Immigration Agencies Seek Expanded Surveillance and Data-Analytics Capabilities
US Immigration and Customs Enforcement (ICE) issued a federal request for information seeking **commercial “Big Data and Ad Tech”** products—explicitly including *ad-tech compliant and location data services*—to “directly support investigative activities,” signaling continued interest in leveraging commercial data-broker and advertising-technology ecosystems for law-enforcement use. Related reporting highlights longstanding concerns that US agencies can sidestep Fourth Amendment warrant requirements by purchasing sensitive data about residents, and notes broader DHS/ICE enforcement activity that has increased scrutiny of surveillance practices and the downstream impacts of ad-tech tracking on affected communities. Separately, the UK Home Office’s Border Security Command is pursuing up to **£100M** in procurement for a “maritime situational awareness system” designed to autonomously detect, track, and identify small boats and other non-cooperative vessels, including fusing data from land-based and **BVLOS drones** into a managed “Coastal Maritime ISR Service.” In parallel, a viral “ICE List” site claimed to publish leaked personal data on thousands of DHS employees, but analysis found the database largely relies on **publicly available self-disclosed information** (notably LinkedIn), underscoring operational security risks from personnel oversharing even when no breach is involved.
Mar 21, 2026