A hacktivist collective calling itself Department of Peace has claimed responsibility for compromising information systems of the U.S. Department of Homeland Security (DHS) and stealing a large dataset related to contracts involving DHS and U.S. Immigration and Customs Enforcement (ICE). The material was released through the transparency platform Distributed Denial of Secrets (DDoSecrets), drawing renewed attention to systemic weaknesses in U.S. public‑private cybersecurity cooperation.
Scope of the DHS data breach and leaked ICE contracts
According to the published files, the data appears to originate from the Office of Industry Partnership, a DHS unit responsible for outreach to private industry and the procurement of technologies from commercial vendors. DDoSecrets, a non‑profit project focused on cataloguing and hosting leaked datasets, has made the documents accessible for download and analysis.
The archive reportedly contains contract information linking DHS and ICE with more than 6,000 companies. The vendors listed include major defense and technology contractors such as Anduril, L3Harris, Raytheon and Palantir, as well as large IT providers Microsoft and Oracle. The dataset effectively maps a significant portion of the technology supply chain behind DHS and ICE operations, providing rare visibility into how federal law‑enforcement and immigration systems depend on private suppliers.
Hacktivist motives and political context
In an accompanying statement, members of Department of Peace frame the breach as an ethically motivated action rather than a purely criminal operation. They reference the deaths of U.S. citizens Alex Pretti and Renée Good in Minneapolis earlier this year, alleging that both were shot by federal ICE agents during protests.
The group states that its objective is to expose which companies provide technological support to DHS and ICE, particularly amid intensified U.S. immigration enforcement under the second presidential term of Donald Trump. From their perspective, public awareness of the specific vendors and tools behind controversial policies is essential for democratic accountability and human rights oversight.
What data was exposed in the DHS–ICE contracts leak
Security researcher Micah Lee has indexed the dataset and published it on a separate site with full‑text search capabilities. The leaked database reportedly includes:
- Names of contractors and subcontractors working with DHS and ICE;
- Contract values, amounts and descriptions of delivered services or products;
- Personal contact details for vendor representatives, including full names, email addresses and phone numbers.
Among the largest recipients by total contract value highlighted in the leak are:
- Cyber Apex Solutions – approximately USD 70 million in contracts. The company positions itself as a provider of solutions to close gaps in the protection of U.S. critical infrastructure, placing it at the core of high‑value cybersecurity deployments.
- Science Applications International Corporation (SAIC) – around USD 59 million. SAIC delivers AI‑driven analytics platforms, big data processing systems and decision‑support tools to federal agencies, including national security customers.
- Underwriters Laboratories (UL) – roughly USD 29 million for testing, certification and market analytics services. Such contracts underpin the assurance that technologies deployed in federal environments meet strict reliability and compliance requirements.
Cybersecurity impact on the federal supply chain
Exposed technology stack and increased supply chain attack surface
Beyond reputational damage, the greatest technical concern is that the leak provides an implicit blueprint of DHS and ICE’s technology ecosystem. By understanding exactly which vendors and products are in use, threat actors can:
- Identify the weakest links among smaller or less mature contractors and compromise them as a stepping stone into federal networks (classic supply chain attacks);
- Optimize exploits and malware for specific platforms, software versions and architectures now known to be deployed;
- Craft more convincing social engineering and pretexting scenarios by referencing real contracts, project names and vendor relationships.
Global incidents such as the SolarWinds compromise and attacks against managed service providers have already demonstrated how infiltrating a single vendor can facilitate widespread access to government and critical infrastructure networks. Industry reports, including Verizon’s Data Breach Investigations Report, consistently show that third‑party and partner relationships are an increasing factor in major breaches.
Risks for vendor personnel and targeted phishing campaigns
The exposure of named individuals and their direct contact information significantly increases the risk of targeted phishing and Business Email Compromise (BEC) attacks. Adversaries can now reach out to vendor staff with messages referencing legitimate projects, purchase orders or contract numbers extracted from the leak, dramatically raising the likelihood of successful compromise.
At the same time, there is a heightened risk of doxxing, harassment and intimidation against employees associated with sensitive law‑enforcement or immigration work. From a technical standpoint, every newly exposed corporate and personal communication channel expands the overall attack surface available to cybercriminals and state‑sponsored actors alike.
Zero trust and practical steps for DHS contractors
The alleged DHS breach underscores the urgency for both government agencies and contractors to implement a zero trust architecture, as outlined in frameworks such as NIST SP 800‑207. Zero trust assumes that no user, device or partner environment is inherently trustworthy and mandates continuous verification and least‑privilege access.
For organizations named in the leak, immediate measures should include:
- Conducting an out‑of‑cycle risk assessment focused on account takeover, spearphishing and vendor‑portal compromise;
- Enforcing multi‑factor authentication (MFA) across all remote access, email and partner interfaces;
- Implementing network segmentation and strict access controls for systems that interact with federal environments;
- Enhancing continuous monitoring, logging and incident response capabilities, including 24/7 alerting on suspicious activity involving exposed users;
- Strengthening security awareness training specific to targeted phishing, BEC and social engineering based on real contract data.
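The alerting on exposed users recommended above, applied to the targeted phishing and BEC risk described earlier, can start as a mail-triage rule. The following is an added example, not code from the article or any vendor: it escalates inbound mail to watchlisted recipients when the sender domain is a near-miss of a trusted partner domain or the Reply-To domain differs from the sender. All addresses, domains and messages are constructed placeholders, and the edit-distance threshold of 2 is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
# Constructed sample data: placeholder addresses and domains, not taken from the leak.
EXPOSED_RECIPIENTS = {"j.doe@vendor.example"}       # staff whose contacts were exposed
TRUSTED_DOMAINS = {"agency.example", "vendor.example"}  # known partner domains

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1].lower()
    return addr.rpartition("@")[2]

def triage(raw_message):
    """Return reasons to escalate; an empty list means no escalation."""
    msg = message_from_string(raw_message)
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if rcpt not in EXPOSED_RECIPIENTS:
        return []  # only watchlisted recipients get the stricter checks
    reasons = []
    from_dom = domain_of(msg.get("From"))
    if from_dom not in TRUSTED_DOMAINS:
        near = [d for d in TRUSTED_DOMAINS if 0 < edit_distance(from_dom, d) <= 2]
        if near:
            reasons.append(f"lookalike sender domain {from_dom} ~ {sorted(near)[0]}")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    return reasons

SAMPLE_SPOOF = """From: Contracting Office <co@agency.exampel>
To: j.doe@vendor.example
Reply-To: co@mailbox.example
Subject: Contract modification

Please review.
"""
SAMPLE_OK = SAMPLE_SPOOF.replace("agency.exampel", "agency.example").replace(
    "Reply-To: co@mailbox.example\n", "")

if __name__ == "__main__":
    print(triage(SAMPLE_SPOOF), triage(SAMPLE_OK))
```

In production the watchlist and trusted-domain set would come from the organization's own directory and vendor records, and the result would feed the existing alerting pipeline rather than being printed.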
More broadly, enterprises working in the public sector should reassess their third‑party risk management practices: embed explicit cybersecurity requirements into contracts, perform periodic security audits of suppliers, and test defenses through Red/Blue Team exercises or adversary simulations. The more mature and transparent the security posture across the entire ecosystem—from major defense integrators to niche IT vendors—the less effective future data leaks will be as a launchpad for sophisticated cyber attacks and coercive pressure on individuals.