Hacktivists Claim DHS Breach and Leak ICE Contractor Records via DDoSecrets
A self-described hacktivist group calling itself “Department of Peace” claimed it breached U.S. Department of Homeland Security (DHS) systems and exfiltrated internal records tied to Immigration and Customs Enforcement (ICE) contracting. The group published the material via the transparency collective Distributed Denial of Secrets (DDoSecrets), and reporting indicates the dataset contains 6,600+ contractor-related records listing thousands of companies associated with federal immigration enforcement contracts, including major vendors such as Microsoft, Oracle, Palantir, Raytheon, and Anduril.
The alleged source of the leaked records was described as DHS’s Office of Industry Partnership, a unit involved in procuring technology from the private sector. As of the reporting cited, DHS had not publicly confirmed the intrusion or validated the authenticity and provenance of the released data, leaving the breach claim unverified while the documents circulate publicly via the DDoSecrets-hosted release.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Micah Lee publishes searchable site for leaked DHS contractor records
Security researcher Micah Lee created a GitHub-backed page to organize and make the leaked DHS contractor records searchable, including sorting by contract amount. The site highlighted major contracts and made the dataset easier to review.
Department of Peace claims DHS breach and leaks ICE contractor data
Hacktivist group "Department of Peace" claimed it compromised U.S. Department of Homeland Security systems and released data allegedly taken from DHS's Office of Industry Partnership. The leak, published on DDoSecrets, reportedly included records tied to DHS and ICE contracts involving more than 6,000 companies and exposed contractor contact details and identifiers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
DHS allegedly breached by hacktivists, stolen data leaked | brief | SC Media
scworld.com
Open sourceHacktivists Claim DHS Breach, Leak 6,600+ ICE Contractor Records
techrepublic.com
Open sourceHacktivists claim to have hacked Homeland Security to release ICE contract data - DataBreaches.Net
databreaches.net
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
DDoS Attack Takes Down ICE List Doxxing Site After Leak of DHS-Sourced Agent Data
**ICE List**, a website publishing personal details of U.S. Immigration and Customs Enforcement (ICE) officers and Border Patrol agents, was reported offline following a sustained **distributed denial-of-service (DDoS)** attack that the site’s administrator, Dominick Skinner, attributed to traffic largely originating from **Russia** and routed through proxies. Skinner said the attack’s use of proxy infrastructure made attribution difficult, but described it as unusually long-running and sophisticated; the site is reportedly hosted in the **Netherlands**, complicating potential U.S. takedown efforts. Reporting indicated the disruption followed Skinner’s stated intent to release data on nearly **4,500** immigration personnel allegedly obtained from the U.S. Department of Homeland Security via a whistleblower. The exposed dataset was described as including **names, phone numbers, email addresses, job titles**, and other identifying information, prompting criticism from DHS that the site enables **doxxing** of federal personnel; Skinner reportedly said he planned to withhold some categories of names (e.g., nurses and childcare workers) while publishing most others.
Mar 21, 2026
US Government Efforts to Identify Anti-ICE Activists and a StopICE Service Compromise
The US Department of Homeland Security has reportedly used **administrative subpoenas** to pressure tech companies to disclose identifying data about anonymous accounts and individuals critical of the Trump administration, including accounts sharing information about local **ICE immigration raids**. The reporting highlights that administrative subpoenas—unlike judicial subpoenas—do not require a judge’s approval and can seek metadata and account-identifying details (e.g., login times, devices, and associated email addresses), raising concerns about oversight and potential chilling effects on speech. Separately, the anti-ICE alert service **StopICE** reported its app and website were attacked, with users receiving texts claiming their information had been “compromised and sent to the authorities,” alongside disparaging messages about the developer. StopICE administrators and the developer disputed claims that sensitive personal data (names, addresses, GPS/location histories) was stolen, stating the service does not collect/store that information, while also noting the platform faces heavy hostile activity including frequent **DDoS** attempts; the service blamed a **US Customs and Border Protection (CBP)** agent for the attack, though that attribution was not independently confirmed in the reporting.
Mar 21, 2026
Leak of Personal and Work Details of ICE and Border Patrol Employees
Personal and work-related details of roughly **4,500** US **ICE** and **Border Patrol** employees were allegedly leaked online and shared with *ICE List*, a site describing itself as an “accountability” project. Reporting indicates the exposed data includes names, work email addresses, phone numbers, job roles, and some résumé-style information; early reviews cited in coverage suggest about **80%** of those listed may still be employed by **DHS**. Multiple accounts attribute the disclosure to a **DHS whistleblower** and describe it as a major exposure of federal staff data, with estimates including roughly **1,800–2,000** frontline agents and about **150** supervisors among those affected. The alleged leak followed intense public backlash after the fatal shooting of **Renee Nicole Good** in Minneapolis, in which **ICE agent Jonathan Ross** has been widely identified as the shooter. Separate reporting describes broader legal and political fallout around DHS/ICE operations and scrutiny of Ross’ conduct, including court testimony and disputes over subpoenas seeking identifying information about social media users posting about ICE activity; however, those items are adjacent context rather than direct reporting on the staff-data leak itself.
Mar 21, 2026