Sam Lavigne scrapes 1,595 ICE employees from LinkedIn, GitHub and Medium remove the data within 24 hours

What happened

On June 19, 2018, three weeks into the family-separation news cycle at the U.S.-Mexico border, Sam Lavigne, a programmer, artist, and adjunct professor at NYU's Tisch School of the Arts, published a project built by scraping LinkedIn.

The dataset contained 1,595 entries. Each listed a name, a profile photo, a job title, and a city-level location for an individual who had publicly listed Immigration and Customs Enforcement as their employer. Lavigne posted the data on GitHub and a companion essay on Medium framing the project as journalism about who works for ICE.

Within 24 hours, GitHub and Medium had both removed the material. Twitter suspended accounts that linked to the dataset. The Verge, TechCrunch, BuzzFeed News, and New York Magazine all covered the takedowns the same week.

The platforms cited their anti-harassment and anti-doxxing policies. The argument: even if every entry came from a public LinkedIn profile, aggregating 1,595 of them into one searchable spreadsheet during a charged news cycle created a level of harm the individual profiles did not.

The data the dataset did not contain

This is what made the takedowns controversial. The dataset did not include home addresses. It did not include phone numbers. It did not include personal email accounts. As TechCrunch noted, the data was LinkedIn profile data anyone could find by typing the right search into LinkedIn.

The platforms did not need home addresses to call it doxxing. They were applying their policies to the aggregation, not to any single field. That was new in 2018. It is a settled norm in 2026.

WikiLeaks republishes

Days later, WikiLeaks republished the dataset as "ICEPatrol." Newsweek covered the republication on June 22. WikiLeaks framed the takedowns as censorship.

The pattern, U.S.-platform publication, policy takedown, offshore republication, has become the standard shape of these incidents. The 2025-2026 ICE List incident follows the same playbook at much higher stakes. Same scrape-aggregate-publish pattern. Eight years later. Offshore hosting from day one.

Why this case matters

Two things matter for first responders.

First, the Lavigne case set the baseline for what platform policies treat as doxxing. Data anyone could find one record at a time can be doxxing in aggregate. Department-website rosters, conference attendee lists, association directories, and LinkedIn profiles are all input. Officers and federal agents who think their LinkedIn presence is harmless because it does not list an address are using a 2017 threat model.

Second, the takedowns did not stop the data from spreading. GitHub and Medium removed it within a day. WikiLeaks republished offshore. The platform-policy layer is real but partial. Once data is published, removing the original does not pull it back from mirrors.

What this means for federal officers and any sworn first responder

LinkedIn and any public professional-bio surface is part of your threat model. Department-website directories and rosters are the local analog. Same aggregation logic applies.

The chain from name to home address is the part the broker pipeline owns. The Lavigne dataset did not contain addresses. Downstream actors ran the names through Spokeo, Whitepages, and dozens of broker pages and pulled addresses anyway.

The defensive layer that does not depend on a takedown is closing that chain. We file broker opt-outs across 200+ commercial people-search sites and re-run the demands when listings come back.

For more on the doxxing chain see /doxxing. For the 2025-2026 successor at federal scale, see the ICE List page.

---

Editorial rules: Only public, already-reported incidents. Never name a non-public victim. Always end with the prevention takeaway tied to our service. Cite at minimum one public source per claim.