FRONTLINEPRIVACY
Family targeting

Stolen FBI agent roster used to threaten 15+ agents and contact one agent's child in 2026

2026-01-07 · Minneapolis (theft) and Schaumburg, Illinois (perpetrator)

On January 7, 2026, protesters at the scene of an FBI shooting in Minneapolis looted unsecured FBI vehicles and stole agent rosters containing home addresses, personal phone numbers, emails, and driver's-license details. Within a month, 15+ agents were getting threats. One agent was contacted by 23 different people. The agent's child was contacted on social media. A 28-year-old in Schaumburg, Illinois was charged in February.

What happened

On January 7, 2026, FBI agents responded to a Minneapolis incident in which Renee Good was fatally shot. During the response, protesters looted two FBI vehicles that had been left unsecured at the scene. The contents of the vehicles included agent rosters, FBI identification cards, building access badges, weapons, and laptops. The rosters held employees' home addresses, personal phone numbers, email addresses, and driver's-license details for FBI personnel attached to the field office. Within weeks, the data was being used. According to federal prosecutors, more than 15 FBI agents began receiving threatening messages. One agent received contact attempts from 23 separate individuals. The agent's child was contacted on social media. Suspicious activity was reported outside several agents' homes. On February 2, 2026, federal authorities charged Jose Alberto Ramirez, 28, of Schaumburg, Illinois with transmitting threats. CWB Chicago and Herald-Review reported the case.

What happened

On January 7, 2026, FBI agents responded to a Minneapolis incident in which Renee Good was fatally shot. During the response, two FBI vehicles were left unsecured at the scene. Protesters looted the vehicles. The contents reportedly included weapons, FBI identification cards, building access badges, laptops, and printed agent rosters.

The rosters carried what is, in effect, a target list. Federal prosecutors later described the exposed data as including home addresses, personal phone numbers, personal email addresses, and driver's-license details for FBI personnel assigned to the field office.

Within weeks, the consequences materialized. CWB Chicago and Herald-Review reported in early February 2026 that more than 15 FBI agents had received threatening communications tied to the stolen data. One agent was contacted by 23 separate individuals. The agent's child was contacted through social media. Suspicious activity was observed outside the homes of multiple agents. On February 2, 2026, federal authorities charged Jose Alberto Ramirez, 28, of Schaumburg, Illinois with transmitting threats.

How it started

Two failure modes lined up. The first was operational: vehicles were left unsecured at an active incident scene. The second was structural: the field office still maintained printed agent rosters that carried home addresses and personal contact data in a single document. When the first failure happened, the second one made the consequences immediate and severe.

The data classes on the roster (home address, personal phone, personal email, driver's-license details) are exactly what the federal Driver's Privacy Protection Act was written to control on the DMV side. DPPA gives individuals a private right of action against downstream actors who misuse DMV-derived data, with $2,500 per violation. That helps after the fact. It does not help when the data is sitting on a printed sheet in an unsecured vehicle.

The escalation pattern (an agent contacted by 23 different people, and the same agent's child contacted on social media) is the family-targeting threat model. The roster gave the actor a home address. From there, broker pages, social media, and reverse-lookup tools fill in the relatives. The kid is reachable because the broker page links the parent to the kid by household.

What this means for you

If you're a federal agent (FBI, ATF, DEA, ICE) or any field officer whose home address might appear on an agency roster, this case is the worst-case answer to the question "what happens when an agency dataset leaks." Every minute the roster is in circulation, every channel that lets an attacker convert a name into a residence is a path. Brokers are the path that runs every day, on every aggregator, and with every re-listing.

Federal personnel currently have no broker-removal statute equivalent to NJ's Daniel's Law or the federal Lieu Act (the federal law covers federal judges only). The defensive layer is continuous broker removal across every commercial site that lists residences. We file opt-outs across 200+ broker sites and re-check every two weeks. When a roster leak happens, the broker side is what the attacker uses to translate a name into a doorstep. Closing those channels in advance shortens the chain.



What would have prevented this

This is the cleanest case in the dataset of how the data layer plus a moment of operational failure produces immediate physical-world targeting. The roster contained data classes that DPPA explicitly protects, driver's-license numbers among them, but DPPA enforcement is downstream and after-the-fact. The exposure happened upstream, in a single unsecured-vehicle moment, and the data was usable instantly. For sworn personnel, the implication is that any concentrated dataset of officer home addresses, whether on a roster, a personnel system, a county recorder portal, or a broker page, is a single failure away from doing this. The federal Lieu Act covers federal judges only. There is no federal Daniel's Law for FBI agents or other federal LE. The continuous, defensive layer is broker removal across every commercial channel that holds the same address data the roster did. Once enough channels are closed, even a roster theft has fewer downstream paths into a doxxing attempt.

Public sources