My work info just got leaked while I'm undercover

Get out of the operational environment.

Break contact with the target. Not dramatic, not abrupt — a normal exit reason. The goal is space to assess without burning the cover further.

Notify your UC supervisor on a clean channel.

Personal phone, not the cover phone. The cover device may be the leak vector. Use the contact procedure your unit established before deployment.

Capture the leak.

Screenshots of where the connection appeared. Forum post, message, photo, document. URL, timestamp, account, full content. Save to a clean device.

Brief agency intelligence and the threat-assessment unit.

They evaluate exposure scope — which targets saw what, what the operational fallout is, what the personal threat profile becomes if the cover is fully blown.

Move the family.

If the leak names you and the connection is solid, the family relocates the same day. Pre-arranged safe location if the unit has one, out-of-state relative if not.

Audit the leak vector.

How did the connection get made? A broker page, a tagged photo, a relative's social account, a court record. Identifying the source determines whether the cover can be re-built or has to be retired.

Lock down every public-facing account that links to your real name.

Spouse's social accounts, kids' tagged photos, public church directory, gym profiles, alumni pages. Every public mention of your real name is a node a target can match against.

Pull or scrub anything that connects family to your real work.

Spouse's LinkedIn that names your agency. A kid's school newsletter quoting "Officer Dad." A relative's Facebook with you in uniform. Everything that bridges real to cover gets pulled or scrubbed.

Get the leak into the agency record.

Formal incident report to your unit and to agency intelligence. The record drives the assignment-continuation decision and supports any post-incident operational review.

Run a free scan on the household.

See the free scan. The scan shows which broker pages currently link your real name to the family address — the bridge between the cover and the people a target can reach.

Broker cleanup that breaks the real-to-cover bridge.

A target who has your cover name searches for connections to the real you. Broker pages that cross-reference your real address, relatives, and prior addresses are the connection. Close those pages.

For NJ residents, file Daniel's Law demands.

See Daniel's Law. Covered officers and family members at the same residence get $1,000 per violation if a broker fails to remove within ten business days. Useful for the family layer even when the operational layer stays classified.

Leadership decision on assignment continuation.

Not yours to make alone. UC supervisor, intelligence, and command staff weigh exposure scope against operational value. Some leaks survive a re-set, some end the assignment.

Consider full identity protection.

Federal witness-protection-style programs exist for severe cases. Most state and federal agencies have a path to it when the threat profile justifies it.

Federal partners if the target network is multi-jurisdiction.

FBI, DEA, HSI take cross-jurisdiction targeting against UC officers seriously when the documentation is clean.

Continuous broker cleanup before deployment.

A clean broker footprint before the assignment starts is a different problem than scrubbing under fire. Continuous coverage re-checks every two weeks and re-files the same day a record reappears.

Treat the family's digital footprint as part of the cover.

Spouse social accounts to private, kid photos untagged, no department-affiliated posts from the household. The family's feed is what a target uses to verify or break a cover.

Annual real-identity audit while assigned.

What pages link your real name to the family address? What public records carry your relationships? A yearly sweep catches what re-listed since the last cleanup.