Incident analyses
Public, already-reported cases. We trace each one back to the data leak that started the chain, and the specific action that would have broken it.
- 2026-04 · Little Rock, ArkansasAddress exposure
Threat actor 'kittykatkrew' leaked Arkansas State Crime Lab personnel directory and court calendars in 2026
In April 2026, a threat actor calling itself 'kittykatkrew' breached an Arkansas State Crime Lab database and leaked the full personnel directory plus active court calendars. Exposed data included names, emails, phone numbers, job titles, and employing agencies for prosecutors, police, and city officials across Arkansas, alongside defendant names, court dates, forensic-analyst assignments, and prosecutor contacts.
- 2026-04 · Evangeline Parish, LouisianaOther
Five Louisiana officials in Evangeline Parish arrested in 2026 for leaking active-investigation data to a defendant
In April 2026, Louisiana State Police arrested five public officials in Evangeline Parish, including a mayor, a 911 dispatch supervisor, and three sworn officers, for accessing state law-enforcement databases and leaking active-investigation data to a criminal defendant. The case is an inverted privacy incident: officers caused the exposure of protected victim and witness information rather than having their own data leaked.
- 2026-03 · North CarolinaDoxxing
North Carolina activist mailed 'beware your neighbor is an ICE agent' postcards to an officer's neighbors in 2026
In March 2026, an activist in North Carolina mailed postcards to neighbors of an ICE officer including the officer's photo and a 'beware your neighbor is an ICE agent' message. The campaign extended doxxing tactics into physical mail.
- 2026-03 · Jackson County, IndianaAddress exposure
FBI and DHS investigated a 2026 cyberattack on Jackson County, Indiana sheriff's network
A March 2026 cyberattack hit Jackson County, Indiana's computer network and triggered FBI and DHS investigation. The same month, DeKalb County, Indiana disclosed a separate breach exposing SSNs and driver's license numbers.
- 2026-03 · Los Angeles, CaliforniaDoxxing
Federal prosecutors in LA charge anti-ICE doxxers — none had published home addresses (March 2026)
Federal prosecutors in Los Angeles ramped up doxxing charges in early 2026 against people who published names and photos of ICE agents. The LA Times reported on March 6, 2026 that none of the charged individuals had published home addresses. The cases raise questions about how far federal doxxing law reaches when the address step is missing.
- 2026-02 · South DakotaDoxxing
South Dakota Supreme Court keeps officers' names sealed in 2024 shootout case, citing doxxing risk
The South Dakota Supreme Court ruled in early 2026 that officers' names from a 2024 shootout could remain sealed, citing doxxing risk. The same week, the legislature advanced HB 1298, the state's first anti-doxxing statute for officers and judges.
- 2026-02 · Schaumburg, IllinoisDoxxing
Schaumburg, IL man charged with threatening FBI agent using stolen agent roster (February 2026)
After anti-ICE protesters in Minneapolis allegedly stole an FBI agent roster containing contact information, a Schaumburg, Illinois man used that data to contact and threaten an FBI special agent. He was charged in February 2026. The case is one of the first federal threat prosecutions tied directly to a stolen roster.
- 2026-02 · Grand Rapids, MichiganDoxxing
Grand Rapids man charged in 2026 for doxxing a police officer falsely linked to a fatal shooting
A Grand Rapids man was charged in early 2026 for doxxing someone he wrongly identified as a police officer involved in a deadly shooting. The misidentified target had nothing to do with the case.
- 2026-01 · North CarolinaDoxxing
Libs of TikTok doxes North Carolina nurse over Pretti/Renée Good post, tags state nursing board
In late January 2026, Chaya Raichik (operator of the Libs of TikTok accounts) doxxed a North Carolina nurse who had posted a critical comment about federal agents involved in the Minneapolis killings of Alex Pretti and Renée Good. Raichik posted the nurse's photo, tagged his hospital, and tagged the North Carolina Board of Nursing, urging the board to revoke his license. The nurse was not publicly named in the coverage reviewed.
- 2026-01 · Federal (nationwide)Doxxing
ICE List website publishes ~4,500 ICE, Border Patrol, and DHS employees in January 2026 data leak
ICE List launched in June 2025 from offshore hosting with about 2,000 names. After the January 2026 fatal shooting of Renee Good in Minneapolis, a DHS whistleblower handed the operator another roughly 4,500 records — names, emails, phones, job titles, and background data. The site used AI to verify identities, weathered DDoS attacks reportedly traced to Russian botnets, and prompted Sen. Marsha Blackburn to introduce S. 1952.
- 2026-01 · Joplin, MissouriStalking
Joplin officer dismissed in 2026 for running a single license plate 395 times in tracking system
A Joplin, Missouri police officer was dismissed in January 2026 after allegedly running one specific license plate 395 times through a license plate reader tracking system. The misuse pattern resembled stalking via department databases.
- 2026-01 · Minneapolis (theft) and Schaumburg, Illinois (perpetrator)Family targeting
Stolen FBI agent roster used to threaten 15+ agents and contact one agent's child in 2026
On January 7, 2026, protesters at the scene of an FBI shooting in Minneapolis looted unsecured FBI vehicles and stole agent rosters containing home addresses, personal phone numbers, emails, and driver's-license details. Within a month, 15+ agents were getting threats. One agent was contacted by 23 different people. The agent's child was contacted on social media. A 28-year-old in Schaumburg, Illinois was charged in February.
- 2025-12 · Warren County, KentuckyAddress exposure
Warren County, Kentucky Sheriff disclosed a December 2025 data breach that leaked SSNs
Warren County Sheriff's Office in Kentucky notified residents of a December 2025 data breach in which Social Security numbers and other personal information were compromised. Ransomware group RansomHouse claimed credit.
- 2025-11 · Madison County, MississippiOther
Madison County Youth Court Judge Staci O'Neal's account breached after a phishing email in 2025
A phishing email opened by a Mississippi youth court judge gave attackers access to her account and exposed sensitive case-adjacent material. The case is one of the few publicly reported judicial breaches in the state.
- 2025-09 · Cleveland County, OklahomaDoxxing
Oklahoma man arrested in 2025 for doxxing a former Cleveland County sheriff's deputy
A retired Oklahoma City officer turned sheriff's-office watchdog was arrested in January 2025 and charged under Oklahoma's Computer Crimes Act for posting what prosecutors called identifying information of a former Cleveland County deputy, including her home address. The case is contested. Critics argue the charge is being used to silence a public-records-driven critic of the agency.
- 2025-08 · Federal (nationwide)Doxxing
Activists use PimEyes facial recognition to unmask ICE officers, then convert names to addresses (August 2025)
An activist began running photographs of masked ICE officers through PimEyes — a commercial facial recognition search engine — to identify agents at enforcement operations. Cross-referencing the PimEyes hits with public records produced names and home addresses. Senator Blackburn pressed PimEyes's CEO in November 2025. No criminal charges have been filed.
- 2025-08 · MarylandAddress exposure
Rhysida ransomware group claimed a 2025 attack on Maryland Transit Administration, exposing addresses and IDs
The Rhysida ransomware group claimed a 2025 attack on the Maryland Transit Administration, alleging it had stolen Social Security numbers, driver's license details, home addresses, and passport data tied to Maryland residents.
- 2025-07 · Federal (nationwide)Doxxing
Federal judges doxxing wave — 126 federal threat prosecutions in 2025, 400+ threats tracked by SU4J
CBS News found 126 federal cases in 2025 prosecuting threats to public officials, many tied to doxxing. The Speak Up for Justice coalition tracked 400+ threats to judges. The federal judiciary fast-tracked a case management system upgrade after the July 2025 hack disclosure. Federal Judge Brooke Jackson was doxxed and subsequently let ICE agents testify under initials only.
- 2025-06 · Brooklyn Park, MinnesotaFamily targeting
11 data broker sites — the entire methodology behind the Hortman assassination (June 2025)
Vance Boelter killed Minnesota State Representative Melissa Hortman and her husband Mark and shot State Senator John Hoffman and his wife Yvette on June 14, 2025. Police recovered a written list of 11 data broker websites from his vehicle. The brokers were the entire methodology — no insider source, no technical skill, just consumer-grade people-search.
- 2025-06 · Brooklyn Park and Champlin, MinnesotaAddress exposure
Minnesota lawmaker shootings — gunman used a list of 11 data broker sites to find home addresses (June 2025)
In the early-morning hours of June 14, 2025, Vance Boelter shot four people at two Minnesota lawmakers' homes — killing State Representative Melissa Hortman and her husband Mark, and wounding State Senator John Hoffman and his wife. According to the FBI affidavit, Boelter found the home addresses through a list of 11 data broker websites recovered from his vehicle alongside notebooks listing dozens of other elected officials and their home addresses.
- 2025-05 · Denver, ColoradoStalking
Colorado Chief Justice Monica Márquez discloses years of spoofing, swatting, and doxxing in 2025 SU4J Forum
Colorado Chief Justice Monica Márquez disclosed at the 2025 National Speak Up for Justice Forum that she has endured years of spoofing, swatting, doxxing, and what she described as relentless intimidation. Her account is one of the most explicit public statements from a sitting state chief justice on the threat environment for the bench.
- 2025-03 · Washington StateAddress exposure
Does v. Seattle Police: WA Supreme Court ruling on agency obligations when FOIA requests target officer identities
A 2018 Public Records Act request sought the identities of Seattle police officers who attended a political event. The officers sued to block disclosure. After a 2023 Court of Appeals ruling that would have required agencies to proactively assert constitutional privacy on behalf of third parties, the Washington Supreme Court reversed in March 2025. The court held that public employees have no protected privacy interest in attending highly public events and that agencies are not obligated to assert constitutional exemptions for third parties. The burden shifts back to the officers themselves to seek injunctions.
- 2025-02 · Milwaukee, WisconsinAddress exposure
Bell Ambulance cyberattack exposed data on 235,000 people including patients and EMS staff in 2025
Bell Ambulance, the largest ambulance provider in Wisconsin, disclosed a cyberattack in February 2025 that exposed sensitive personal and medical information on more than 235,000 people. SSNs, driver's licenses, and medical records were included.
- 2024-12 · West VirginiaAddress exposure
Retired West Virginia officer sued Whitepages in 2024 under the state's new Daniel's Law analog
A retired West Virginia officer sued Whitepages in 2024 for failing to remove his home address after notice, the first publicly reported civil action under W. Va. Code §5A-8-24. The state's new Daniel's Law analog gives officers and judges a private right of action against data brokers.
- 2024-11 · Middletown, ConnecticutAddress exposure
Westfield Fire District in Middletown, CT notified residents of a 2024 ransomware data breach
Westfield Fire District in Middletown, Connecticut notified its members and residents in 2025 that personal information had been compromised in a November 2024 ransomware incident. The ransomware group Medusa publicly claimed the attack and the district offered 24 months of credit monitoring.
- 2024-05 · New York, New YorkDoxxing
Manhattan Trump-trial jurors and Michael Cohen's family doxxed in days following May 2024 guilty verdict
Within 24 hours of the May 30, 2024 guilty verdict in the Manhattan Trump criminal trial, Trump supporters on online forums began attempting to identify and post home addresses of jurors, accompanied by violent threats. Michael Cohen's family was separately doxxed in the days following Cohen's testimony in early June 2024. No juror addresses were confirmed as accurately published, but the campaign was active and coordinated.
- 2024-02 · New JerseyAddress exposure
20,000 New Jersey officers vs. 118 data brokers — the Daniel's Law class actions (2024)
In February 2024, Atlas Data Privacy Corporation filed 118 class-action lawsuits in New Jersey state court on behalf of more than 20,000 active and retired police officers, prosecutors, judges, and corrections officers. The suits alleged that data-broker companies — including LexisNexis and other major aggregators — had failed to remove the officers' home addresses and phone numbers after written demands under Daniel's Law. The case is the largest known structural test of whether the modern broker-removal regime actually works.
- 2024-01 · Washington DC, New York, and other US locationsSwatting
Federal judge swatting wave (January 2024) — Chutkan, Engoron, and others
In January 2024, a wave of swatting incidents targeted federal and state judges, prosecutors, and other public officials connected to high-profile cases. The pattern was widely reported and prompted federal action on judicial security.
- 2023-12 · Manchester, MaineAddress exposure
Maine Secretary of State Shenna Bellows — home swatted hours after her address was posted online (December 2023)
On December 29, 2023, Maine Secretary of State Shenna Bellows's home in Manchester, Maine was the target of a swatting call. The night before, her home address had been posted online by a conservative activist. Bellows had ruled the previous day that Donald Trump was ineligible for the Maine primary ballot under the 14th Amendment.
- 2023-10 · New York, New YorkDoxxing
Letitia James home address shared on Truth Social, Judge Merchan's daughter targeted during Manhattan Trump trial
Two distinct doxxing incidents targeted officials connected to Donald Trump's New York legal cases. On October 17, 2023 Trump shared a Laura Loomer Substack post on Truth Social that included NY AG Letitia James's home address. In April 2024, Trump's social-media posts about Judge Juan Merchan's daughter Loren Merchan prompted Judge Merchan to expand the existing gag order to cover family members.
- 2023-10 · KansasAddress exposure
Kansas Office of Judicial Administration cyberattack exfiltrated personal data in 2023
An October 2023 cyberattack on the Kansas Office of Judicial Administration exfiltrated files containing personal information. The Kansas judiciary disclosed the breach publicly and notified affected individuals.
- 2023-09 · Denver, ColoradoDoxxing
Denver police commander doxxing — first conviction under Colorado's anti-doxxing law (2024)
A Colorado activist was convicted under Colorado's anti-doxxing statute for repeating a Denver police commander's home address during a livestreamed protest and inviting viewers to gather there. The case is the first reported conviction under Colorado's 2022 anti-doxxing law for first responders.
- 2023-08 · Atlanta, GeorgiaDoxxing
Fulton County grand jurors doxxed after indicting Trump — Georgia's name-publication law made it trivial
Names, photos, and home addresses of the Fulton County grand jurors who indicted Donald Trump on RICO charges circulated on far-right forums within 48 hours of the indictment. Georgia law requires publishing grand juror names — the doxxing was a downstream consequence of statutory transparency.
- 2023-08 · Atlanta, GeorgiaDoxxing
Fulton County DA Fani Willis — home address and family info posted online during Trump Georgia case (2023)
After the August 2023 Fulton County indictment of Donald Trump and 18 co-defendants, Fulton County District Attorney Fani Willis's home address — along with the names and addresses of her family members and the 23 grand jurors — was posted on conspiracy and far-right websites. Multiple individuals were federally charged for follow-on threats against Willis, with at least two convicted and sentenced to federal prison.
- 2023-03 · Washington, DCAddress exposure
DC Health Link breach exposed personal data of members of Congress and staff in 2023
A misconfigured server at DC Health Link exposed personal information for thousands of enrollees, including members of Congress, congressional staff, and their families. The data wound up on a public hacking forum.
- 2022-08 · Boston, MassachusettsDoxxing
Catherine Leavy convicted of hoax bomb threat against Boston Children's Hospital after Libs of TikTok campaign
After Libs of TikTok and other far-right accounts amplified attacks on Boston Children's Hospital's pediatric gender clinic in August 2022, Catherine Leavy of Westfield, Massachusetts called in a hoax bomb threat. The FBI arrested her September 15, 2022; she pleaded guilty in September 2023 and was sentenced in July 2024. The hospital received two more bomb threats over the same window.
- 2022-08 · West Palm Beach, FloridaDoxxing
Judge Bruce Reinhart doxxed within hours of signing the Mar-a-Lago search warrant
Federal magistrate Bruce Reinhart was doxxed within hours of his name becoming public as the judge who signed the Mar-a-Lago search warrant. His home address, phone numbers, and family members' names spread across 4chan and TheDonald with antisemitic threats. The federal court pulled his info from its public website.
- 2022-07 · Indianapolis, IndianaDoxxing
Caitlin Bernard, Indianapolis OB-GYN, doxxed and investigated by Indiana AG after providing abortion to 10-year-old rape victim
Indianapolis OB-GYN Caitlin Bernard provided a legal abortion to a 10-year-old rape victim from Ohio. After the story broke, her name, employer, and personal details circulated nationally; she received death threats; Indiana's attorney general opened an investigation.
- 2022-04 · IdahoDoxxing
Idaho extremist groups ran doxxing campaigns against judges, prosecutors, and health workers in 2022
In 2022, Idaho extremist groups ran sustained doxxing campaigns against judges, prosecutors, public health officials, and law enforcement. Personal information and home addresses were shared widely online.
- 2022-02 · Ottawa, CanadaDoxxing
RCMP withholds badge numbers fearing Freedom Convoy doxxing — and convoy participants get doxxed too
During the 2022 Freedom Convoy protests in Ottawa, the RCMP refused to release badge numbers of officers deployed to clear the protests. Internal records cited the agency's fear that convoy supporters would use the badge numbers to dox officers. Counter-protesters and online activists separately doxxed convoy participants, including identifying truckers and their employers. The episode became a textbook case of bidirectional doxxing in a politically charged protest.
- 2022-02 · United States / CanadaDoxxing
GiveSendGo breach exposes ~100,000 Freedom Convoy donors, including Ontario police officers
In February 2022, hackers breached GiveSendGo and leaked personal information of approximately 90,000–104,000 donors who had contributed $9.6 million to the Canadian Freedom Convoy. Names, emails, ZIP codes, and IP addresses were exposed. The Intercept and other outlets identified Oath Keepers, US public officials, and Ontario police officers among the donor list.
- 2021-11 · Anchorage, AlaskaAddress exposure
Anchorage Police Department exposed unredacted traffic-collision reports for 11,402 people in 2021
In 2021, the Anchorage Police Department exposed unredacted traffic-collision reports affecting 11,402 people. The reports included full dates of birth and driver's-license numbers — DPPA-covered data. APD revisited the incident in coverage of a separate 2026 vendor scare.
- 2020-08 · Snohomish County, WashingtonFamily targeting
Seattle Police Chief Carmen Best — protesters at her home, neighbors' addresses leaked, kids questioned about their schools (Snohomish County, 2020)
On August 1, 2020, roughly 200 protesters in 40 vehicles arrived at the Snohomish County home of Seattle Police Chief Carmen Best. Best was not home. Neighbors reported that their personal information had been published online ahead of the protest, that protesters photographed homes and license plates, and that protesters approached neighborhood children and asked them what schools they attended.
- 2020-07 · Portland, OregonDoxxing
Portland federal-officer doxxing wave — 38 officers' personal info posted online during 2020 protests
During the summer 2020 protests in Portland, the Department of Homeland Security publicly stated that 38 federal law enforcement officers had been doxxed — names, photos, and personal information posted online. The wave coincided with the BlueLeaks data dump, which exposed 269 GB of internal police-department files going back to 1996, and prompted CBP and federal agencies to authorize officers to cover their name tags.
- 2020-07 · North Brunswick, New JerseyFamily targeting
The 2020 attack on Judge Esther Salas's family — the case that led to Daniel's Law
Daniel Anderl, the 20-year-old son of US District Judge Esther Salas, was shot and killed at the family's North Brunswick home by an attorney who had researched the judge's home address through publicly available channels. Eight days earlier, the same shooter killed California lawyer Marc Angelucci at his front door using the same deliveryman cover. The case directly produced Daniel's Law in New Jersey and the federal Daniel Anderl Judicial Security and Privacy Act.
- 2020-07 · Hennepin County, MinnesotaAddress exposure
Hennepin County first-responder data leak: about 1,500 officers and infrastructure staff exposed in 2020
In 2020, personal information for roughly 1,500 first responders and critical infrastructure personnel in Hennepin County, Minnesota was published online after a vendor breach. The leak followed the unrest after the killing of George Floyd.
- 2020-04 · Bethpage, TennesseeSwatting
Mark Herring — fatal swatting over a Twitter handle (Tennessee, 2020)
Mark Herring, a 60-year-old Tennessee resident, died of a heart attack during a police response triggered by a swatting call. The swatting was retaliation by harassers who wanted to forcibly acquire his @Tennessee Twitter handle and posted his home address on Discord after he refused.
- 2019-06 · Fairfax County, VirginiaAddress exposure
Fairfax County Police data breach exposed personal info of about 500 sworn and civilian employees in 2019
Personal information for roughly 500 Fairfax County Police employees, both sworn officers and civilians, was exposed in a 2019 internal data breach. The department notified affected employees and offered credit monitoring.
- 2018-06 · United States (online)Doxxing
Sam Lavigne scrapes 1,595 ICE employees from LinkedIn, GitHub and Medium remove the data within 24 hours
On June 19, 2018, Sam Lavigne, a programmer, artist, and adjunct professor at NYU's Tisch School of the Arts, published a database on GitHub containing names, profile photos, job titles, and city-level locations of 1,595 individuals who listed Immigration and Customs Enforcement as their employer on LinkedIn. GitHub and Medium removed the data within 24 hours under their anti-harassment policies. WikiLeaks republished it the same week as 'ICEPatrol.'
- 2017-12 · Wichita, KansasSwatting
Andrew Finch — fatally shot by police responding to a swatting call (Wichita, 2017)
Andrew Finch, a 28-year-old uninvolved bystander, was shot and killed by Wichita police responding to a fake hostage call placed over a $1.50 online gaming dispute. The address used in the call had been deliberately given to the swatter as misinformation in the dispute — Finch had no connection to anyone involved.
- 2015-03 · Los Angeles, CaliforniaFamily targeting
LAPD Skid Row officers doxxed within 72 hours of fatal March 2015 shooting, children's school information posted
On March 1, 2015, LAPD officers fatally shot a homeless man on Skid Row in a struggle captured on video and rapidly circulated online. Within 72 hours, at least two officers believed to be involved were doxxed: names, home addresses, and information about their children's schools posted on social media. The LAPD did not publicly identify the officers until March 19, 2015, more than two weeks after the shooting, in part due to security concerns.
- 2014-12 · New York, New YorkFamily targeting
NYPD officer Justin D'Amico's home address tweeted by Erica Garner on Christmas Day 2014
Erica Garner tweeted the home address of NYPD officer Justin D'Amico, who was involved in her father Eric Garner's 2014 death, along with addresses for five possible relatives. The tweet documented an early example of social-media-driven officer doxxing tied to a high-profile police-killing case.
- 2014-08 · Ferguson, MissouriDoxxing
Anonymous's Operation Ferguson: how vigilante doxxing identified the wrong officer
After the August 9, 2014 fatal police shooting of Michael Brown, the hacktivist collective Anonymous launched 'Operation Ferguson' and on August 14 released what it claimed was the name of the officer who shot Brown. The collective identified the wrong person, subjecting an uninvolved individual to severe threats and harassment. Ferguson PD released the actual officer's name (Darren Wilson) the following day.
- 2011-06 · Phoenix, ArizonaDoxxing
LulzSec breaches Arizona DPS, dumps 700 documents including officer home addresses
On June 23, 2011, the hacktivist collective LulzSec released 700 confidential documents from Arizona Department of Public Safety internal servers, including case files, phone numbers, and home addresses of officers. A second release on June 29 added passwords, Social Security numbers, online dating accounts, voicemails, and chat logs. The group framed the breach as retaliation for Arizona SB 1070.
- 2005-02 · Chicago, IllinoisFamily targeting
Judge Joan Lefkow's husband and mother killed at home — address posted on white-supremacist sites (Chicago, 2005)
On February 28, 2005, US District Judge Joan Lefkow returned home to find her husband Michael and her mother Donna shot dead in the basement. The attacker was a disgruntled litigant whose civil case Lefkow had dismissed. Before the murders, Lefkow's home address had been posted on multiple white-supremacist websites, alongside calls for her death.
- 1999-10 · Nashua, New HampshireStalking
Amy Boyer — stalker bought her workplace address from a data broker (New Hampshire, 1999)
Amy Boyer, 20, was shot and killed outside her dental-office workplace by a man who had stalked her since high school. He bought her Social Security number, date of birth, and workplace address from the data broker Docusearch. The broker obtained the workplace address by pretexting — calling Boyer at home and lying about who they were. The case produced the first US state supreme court ruling that data brokers owe a duty of care to the people whose information they sell.
- 1989-07 · Los Angeles, CaliforniaStalking
Rebecca Schaeffer — stalker bought her home address from a DMV records lookup (Los Angeles, 1989)
Rebecca Schaeffer, a 21-year-old actress, was shot and killed at her front door by an obsessed fan who had hired a Tucson detective agency to find her home address. The agency pulled the address from California DMV records for $250. The case directly produced the federal Driver's Privacy Protection Act.