Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Mar 03, 2026 · 5 min read

Hacktivists Just Leaked the Names of 6,681 Companies Working With ICE—Including Employee Emails and Tax IDs

A breach of DHS procurement systems exposed the full surveillance contractor supply chain—along with the personal data of thousands of workers.

Government building at night with digital documents and data streams flowing outward, representing leaked classified contract data

The Breach

On March 2, 2026, a hacktivist group calling itself "Department of Peace" claimed to have breached the Department of Homeland Security's Office of Industry Partnership—the unit that procures technology from the private sector. The nonprofit transparency collective Distributed Denial of Secrets (DDoSecrets) then published the full dataset online.

The leak catalogs contracts between DHS, Immigration and Customs Enforcement, and 6,681 organizations. It reads like a who's who of the defense and surveillance industry: Palantir, Raytheon, L3Harris, Anduril, Microsoft, Oracle, plus universities, NASA, and agencies like the FBI.

What Was Exposed

The dataset is not just a list of company names. It contains granular personal and business information for thousands of individuals:

  • Full names and job titles of contractor employees
  • Business and personal email addresses
  • Phone numbers and physical addresses
  • Tax identification and employer identification numbers
  • Government contractor IDs (UEI numbers, CAGE codes)
  • Contract award amounts and project descriptions
  • Internal DHS staff comments on applications

Some reports indicate the data may also include Social Security numbers. Cybersecurity researchers who reviewed portions of the release told TechCrunch that several documents bore hallmarks consistent with genuine federal procurement records, including formatting, reference numbers, and metadata that would be difficult to fabricate.

Why They Did It

The Department of Peace explained their motivation in a document published alongside the data. They cited the killings of two protesters—Alex Pretti and Renee Good—by federal agents in Minneapolis earlier in 2026, and stated their goal was to expose "which companies support" DHS operations amid what they described as a mass deportation campaign conducted without due process.

DHS and ICE have not responded to requests for comment.

The Privacy Fallout for Thousands of Workers

The breach creates immediate privacy risks for the individual employees whose data was exposed. The leaked records include personal contact information for government contractor staff who may have had no idea their data was stored in a hackable system.

These individuals now face the prospect of targeted phishing, social engineering, and harassment. Defense contractor employees are particularly high value targets for nation state hackers—their credentials and contact details can be used to spear phish their way into secure networks.

For the companies themselves, the exposure of contract amounts, project descriptions, and internal government assessments reveals competitive intelligence that was never meant to be public.

Palantir and the Surveillance Stack

The leak puts fresh scrutiny on the technology companies powering ICE's enforcement operations. Palantir, which has held ICE contracts since 2014, provides platforms that analyze driver's license scans, extract information from seized phones, cross search location data, and link records from federal, state, and commercial databases.

ICE's technology stack also includes plans to hire nearly 30 contractors to monitor social media platforms—Facebook, TikTok, Instagram, YouTube—around the clock, turning posts, photos, and profiles into enforcement leads. The breach gives the public an unprecedented view into the scale and scope of this surveillance infrastructure.

DDoSecrets and the Hacktivist Playbook

DDoSecrets, the transparency collective that published the data, has become one of the most significant outlets for leaked government and corporate documents since WikiLeaks. The organization does not hack systems itself but hosts and indexes data provided by anonymous sources.

This breach follows a broader trend of hacktivism targeting surveillance and immigration enforcement infrastructure. In recent months, hacktivists have also exposed stalkerware payment records for over 500,000 customers and leaked data from companies selling location tracking technology to government agencies.

What Happens Next

The dataset is now publicly searchable. Anyone can look up which companies have DHS contracts, what they were paid, and who the individual contact people are.

For privacy advocates, the leak is a double edged sword: it reveals the machinery of government surveillance but does so by exposing the personal data of thousands of workers who did not consent to having their information published.

For the companies involved, the fallout is just beginning. Contract details that were supposed to remain behind government firewalls are now available to competitors, foreign intelligence services, and anyone with an internet connection. DHS has not confirmed or denied the breach, and the full scope of what was accessed may not be known for weeks.