Inside the DHS Contractor Leak: 6,681 ICE Vendors Exposed — Including a Company Building a Microwave Vehicle Stopper

A hacktivist group calling itself “Department of Peace” claims to have breached the Department of Homeland Security, releasing contractor records tied to ICE enforcement — and buried in the data is a contract that raises serious questions about what tools agents may already be using against the American public.


On March 1, 2026, a group calling itself “Department of Peace” published what it claims is internal data from the DHS Office of Industry Partnership. The records were released via the Distributed Denial of Secrets (DDoSecrets) platform and contain details on 6,681 organizations that applied for contracts with the Department of Homeland Security — including a subset that received them.

Security researcher Micah Lee has built an interactive explorer of the data, allowing the public to filter and search companies by contract size, program type, state, and award amount. The top contractor by allocation — Cyber Apex Solutions, LLC — received $70 million in total.

As of publication, DHS has not publicly confirmed or denied the intrusion.


What Was Leaked

The release includes two files: one listing all applicant organizations, and a second listing only those that received contracts. According to reporting by TechRepublic and TechCrunch, the records contain:

  • Company names and URLs
  • Employee names and, in some cases, titles
  • Business and personal addresses
  • Phone numbers and email addresses
  • Tax identification numbers, including Employer Identification Numbers (EINs) and potentially Social Security Numbers (SSNs)
  • Government contractor identifiers such as UEI numbers and CAGE codes
  • Internal DHS comments regarding contractor updates

The sheer breadth of exposed personal identifiers — particularly SSNs and EINs — makes this a significant data exposure event for thousands of contractors and their employees, regardless of whether the root cause was a breach or a misconfigured system.

Notable companies named in the records include Microsoft, Oracle, Palantir, Raytheon, and Anduril — a mix of mainstream enterprise tech, data intelligence, and defense contractors all tied to federal immigration enforcement infrastructure.


The Contract That Should Alarm Everyone: Cybernet’s Microwave Vehicle Stopper

Beyond the headline names, the leaked data contains something far more unsettling buried in the SBIR (Small Business Innovation Research) contract records: a long-term partnership between DHS/ICE and Cybernet Systems Corporation to develop a remote vehicle disabling system.

The contract — Award ID 382, publicly viewable on USASpending.gov — funded Phase II development of the Microwave Vehicle Stopper (MVS), a system designed to transmit modulated microwave energy at a target vehicle to disrupt its engine control systems and bring it to a stop without causing permanent damage.

According to Cybernet’s own program documentation:

“The system transmits modulated microwave energy to the target vehicle that is tailored to disrupt the computation functions of the vehicle engine controller, safely slowing and stopping the vehicle… Our goal is to defuse a potentially dangerous car-chase by disabling power to the vehicle while leaving braking and steering unaffected.”

The company has since developed an Aerial Microwave Vehicle Stopper (AMVS) — a helicopter-deployable version — and has conducted testing at General Motors’ Proving Grounds, characterizing the specific electromagnetic vulnerabilities of production vehicles.

This is not a theoretical program. It is a funded, multi-year federal research partnership with a company that has moved from laboratory testing into prototype development.


The timing of this contract detail becoming public could not be more significant.

LA Taco has reported on ICE using what observers are describing as a “kill switch” capability to remotely disable the vehicles of legal observers — civilians who were lawfully documenting federal immigration enforcement activity. This reporting lands in the middle of an already deeply disturbing national pattern.

Since the launch of Operation Metro Surge in Minnesota’s Twin Cities in December 2025, federal agents have:

  • Detained and arrested legal observers documenting raids
  • Smashed car windows and detained vehicle occupants
  • Addressed observers by name after apparently running their license plates
  • Used drones, facial recognition-adjacent tactics, and surveillance databases to identify and follow people monitoring them

The operation resulted in the deaths of two civilian protesters — Renée Good and Alex Pretti, both U.S. citizens — killed by federal agents during the enforcement campaign.

ICE officers routinely told observers monitoring and documenting their activity that they were breaking federal law, despite legal experts saying the vast majority were simply exercising constitutional rights.

In that context, a DHS contract to develop a system capable of disabling a moving vehicle from a helicopter — tested specifically against commercial vehicles’ engine control vulnerabilities — raises a direct and urgent question: Is this technology, or a derivative of it, being deployed operationally against civilian vehicles?

The contract image surfacing from the leak shows the Cybernet award covered 2007–2010. But as any security professional knows, prototype research funded under SBIR often feeds directly into operational procurement pipelines. The ICE contract on USASpending.gov (CONT_AWD_70RSAT21C00000022) represents a later, direct ICE award — showing the relationship between DHS and Cybernet continued well past the original SBIR phase.


The Security Breakdown Behind the Leak

Whether the data came from a direct breach or from a publicly accessible or misconfigured repository, the exposure of SSNs, EINs, personal addresses, and internal government comments for 6,681+ organizations represents a serious failure in data handling by DHS.

From a security assessment perspective, this incident presents several red flags:

Data classification failure. Records containing SSNs and internal staff comments should never be aggregatable in a single exportable dataset without strict access controls, need-to-know restrictions, and audit logging.

Contractor PII exposure at scale. Small contractors and sole proprietors in the records may have had personal SSNs (not EINs) tied to their government applications. Those individuals face real and immediate identity theft risk.

Supply chain visibility for adversaries. Foreign intelligence services now have a curated list of every company with a DHS/ICE contract relationship — including their contact employees, phone numbers, and email addresses. This is a perfect targeting list for spear-phishing campaigns against federal contractors.

Attribution uncertainty is itself a risk. DHS’s silence on confirming or denying the intrusion leaves contractors with no guidance on whether to treat their credentials as compromised.


Who’s in the Data

The leaked records span the full spectrum of the modern surveillance-industrial complex feeding federal immigration enforcement:

  • Technology companies providing software, cloud infrastructure, and data analytics
  • Defense contractors building physical enforcement and interdiction tools
  • Data brokers and intelligence firms supplying identity verification and location services
  • Logistics and transportation vendors supporting detention and deportation operations
  • Small businesses and sole proprietors providing specialized consulting or equipment

The concentration of major tech and defense names — Microsoft, Oracle, Palantir, Raytheon, Anduril — confirms what civil liberties advocates have long argued: that immigration enforcement has become deeply intertwined with the broader defense technology ecosystem, with little public accountability for what specific capabilities are being procured and deployed.


What Happens Next

The hacktivist group framed the release explicitly as political, citing the deaths of Alex Pretti and Renée Good as motivation. Regardless of how one views the methods, the data itself is now public and being indexed by researchers.

Several things are now in motion:

  1. Congress may face renewed pressure to investigate DHS data security practices, particularly given the sensitivity of SSN and contractor identity data in the exposed records.

  2. Affected contractors should assume their information is in the wild and take immediate steps: credential rotation, fraud monitoring for EINs and SSNs, and heightened phishing awareness for employees listed in the records.

  3. Civil liberties and press freedom organizations are likely to use the Cybernet contract disclosure to press harder on questions about what non-lethal vehicle interdiction technology ICE has operationally deployed — and whether it has been used against civilians.

  4. Security researchers will continue building on Micah Lee’s work, correlating contract records with other public procurement data to map the full scope of ICE’s technology vendor ecosystem.


QSai LLC provides cybersecurity consulting, vCISO services, and incident response. This analysis is for informational and journalistic purposes. Nothing in this article should be construed as legal advice.