U.S. Department of Homeland Security, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement: ICE Agent Doxxing Platform was Crippled After Coordinated DDoS Attack

Cyberattack Targets ICE List Wiki Ahead of Federal Agent Data Leak

A major cyberattack disrupted the ICE List Wiki a Netherlands-based activist platform just as it prepared to publish the identities of thousands of U.S. federal agents, primarily from Immigration and Customs Enforcement (ICE). The site, run by activist Dominick Skinner, was hit by a sustained distributed denial-of-service (DDoS) attack last Tuesday evening, flooding its servers with malicious traffic and forcing it offline.

The leaked data, provided by a Department of Homeland Security (DHS) whistleblower, includes names, personal phone numbers, and work histories of approximately 4,500 ICE and Border Patrol employees. The whistleblower’s decision to release the information was reportedly triggered by the fatal shooting of 37-year-old Renee Nicole Good by an ICE agent in Minneapolis on January 7, 2026. Activists quickly identified the officer involved as Jonathan E. Ross, with the incident described as the "last straw" for the whistleblower.

While the site has since resumed operations, Skinner noted that much of the attack traffic appeared to originate from a Russian bot farm, though the true source remains obscured by proxy networks. The sophistication of the assault suggests a coordinated effort to suppress the leak. Despite the disruption, Skinner’s team operating from the Netherlands to avoid U.S. jurisdiction plans to proceed with publishing the data, though they intend to exclude certain personnel, such as medical and childcare staff. The group is also migrating to more secure servers to prevent future disruptions.

Source: https://hackread.com/ice-agent-doxxing-platform-ddos-attack/

U.S. Department of Homeland Security cybersecurity rating report: https://www.rankiteo.com/company/us-department-of-homeland-security

U.S. Customs and Border Protection cybersecurity rating report: https://www.rankiteo.com/company/customs-and-border-protection

U.S. Immigration and Customs Enforcement (ICE) cybersecurity rating report: https://www.rankiteo.com/company/u-s-immigration-and-customs-enforcement-ice

"id": "US-CUSU-S1768592906",
"linkid": "us-department-of-homeland-security, customs-and-border-protection, u-s-immigration-and-customs-enforcement-ice",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '~4,500 U.S. federal agents (ICE '
                                              'and Border Patrol employees)',
                        'industry': 'Activism/Whistleblowing',
                        'location': 'Netherlands',
                        'name': 'ICE List Wiki',
                        'type': 'Activist platform'}],
 'attack_vector': 'Distributed Denial-of-Service (DDoS)',
 'data_breach': {'number_of_records_exposed': '4,500',
                 'personally_identifiable_information': 'Names, personal phone '
                                                        'numbers',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information, work histories)',
                 'type_of_data_compromised': 'Personal and professional '
                                             'information of federal agents'},
 'date_detected': '2026-01-13T00:00:00Z',
 'description': 'A major cyberattack disrupted the ICE List Wiki, a '
                'Netherlands-based activist platform, just as it prepared to '
                'publish the identities of thousands of U.S. federal agents, '
                'primarily from Immigration and Customs Enforcement (ICE). The '
                'site was hit by a sustained distributed denial-of-service '
                '(DDoS) attack, flooding its servers with malicious traffic '
                'and forcing it offline. The attack appeared to originate from '
                'a Russian bot farm, though the true source remains obscured '
                'by proxy networks.',
 'impact': {'data_compromised': 'Names, personal phone numbers, and work '
                                'histories of ~4,500 ICE and Border Patrol '
                                'employees',
            'downtime': 'Temporary (site resumed operations)',
            'identity_theft_risk': 'High (personal information of federal '
                                   'agents exposed)',
            'operational_impact': 'Disruption of planned data leak publication',
            'systems_affected': 'ICE List Wiki servers'},
 'investigation_status': 'Ongoing',
 'motivation': 'Suppression of leaked data',
 'post_incident_analysis': {'corrective_actions': 'Migration to more secure '
                                                  'servers',
                            'root_causes': 'Suspected coordinated effort to '
                                           'suppress leaked data'},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'containment_measures': 'Migration to more secure servers',
              'recovery_measures': 'Site resumed operations'},
 'threat_actor': 'Unknown (suspected Russian bot farm)',
 'title': 'Cyberattack Targets ICE List Wiki Ahead of Federal Agent Data Leak',
 'type': 'DDoS'}