GTFO ICE Anti‑Immigration Site Leaks Personal Data of Over 17,000 Activists
What Happened – The anti‑ICE website GTFO ICE, linked to former DHS official Miles Taylor, inadvertently published a database containing the names, contact details, and affiliation information of 17,662 activists. The leak was discovered by researchers and reported by HackRead, raising concerns that the data may have been harvested by government agencies or other hostile actors.
Why It Matters for TPRM –
- Third‑party risk programs must assess the security posture of politically‑oriented platforms that handle sensitive personal data.
- Exposure of activist information can trigger legal, reputational, and operational risks for organizations that partner with or support such groups.
- The incident illustrates how misconfigured web assets can become a vector for large‑scale data exposure, a scenario that can affect any vendor handling personal data.
Who Is Affected – Human‑rights NGOs, advocacy groups, individual activists, and any downstream organizations that share data with GTFO ICE.
Recommended Actions –
- Conduct a rapid inventory of any contracts or data‑sharing agreements with GTFO ICE or similar activist platforms.
- Verify that data‑handling controls (encryption at rest, access restrictions, audit logging) are in place and enforced.
- Update third‑party risk questionnaires to include questions on political‑risk exposure and data‑exfiltration safeguards.
Technical Notes – The leak appears to stem from a web‑application misconfiguration that left a CSV file publicly accessible. No specific CVE was cited. Exposed data includes full names, email addresses, phone numbers, and social‑media handles. Source: HackRead