Cyber Incident Victim: Department of Homeland Security
Date:
Mar 2026
Location:
United States of America
Summary
A hacktivist group calledDepartment of Peace claimed to have breached the Department of Homeland Security and released data on contracts between the agency, Immigration and Customs Enforcement, and thousands of companies. The leaked information, published by DDoSecrets, includes contract values, contractor names, and contact details for firms such as Anduril, L3Harris, Raytheon, Palantir, Microsoft, Oracle, Cyber Apex Solutions, SAIC, and Underwriters Laboratories. The hacktivists said the release was motivated by recent protests and aimed to expose companies supporting federal immigration enforcement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
OnMarch 2, 2026, a group identifying itself as the Department of Peace announced that it had compromised the Department of Homeland Security and obtained internal documents. The hacktivists said the data originated from the Office of Industry Partnership, a DHS unit responsible for procuring technology from private‑sector vendors. They released the material through the transparency collective DDoSecrets, which published the dataset online. In an accompanying statement, the hackers cited the killings of protesters Alex Pretti and Renée Good in Minneapolis as motivation for the disclosure.
The leaked dataset contains contract information linking DHS and Immigration and Customs Enforcement to more than six thousand companies, including defense contractors such as Anduril, L3Harris, Raytheon and Palantir, as well as technology firms Microsoft and Oracle. Security researcher Micah Lee subsequently organized the data on a dedicated, searchable website that displays each contractor’s name, the total amount of money awarded, and contact details such as full names, email addresses and phone numbers. The site allows users to query the information by contractor name, award amount or contact field. Among the largest awards are a $70 million contract to Cyber Apex Solutions, which describes itself as focused on filling security gaps in critical infrastructure, a $59 million award to Science Applications International Corporation for AI services, and a $29 million award to Underwriters Laboratories for testing, certification and market intelligence. The article notes that Cyber Apex Solutions, SAIC and Underwriters Laboratories did not immediately respond to requests for comment regarding the leak.
Following the publication, the Department of Homeland Security and Immigration and Customs Enforcement did not provide an immediate response to requests for comment from the press. The hacktivists’ accompanying message asserted that the disclosure was intended to inform the public about which companies support DHS activities and what those companies are working on. The article also notes that, since the start of the Trump administration, DHS and ICE have conducted mass deportations of individuals with few criminal records, detaining them in overcrowded facilities that critics describe as inhumane, a campaign that has been aided by technology firms including Palantir. No further statements from DHS, ICE or the named contractors were reported in the article regarding mitigation, containment or remedial actions taken after the leak.