An apparent data breach may have compromised user information submitted to GTFOICE.org, a newly launched platform designed to organize opposition to proposed ICE detention facilities across the United States. The situation is still developing, but early signs point to a serious security failure involving sensitive user data.

GTFOICE.org was launched by Miles Taylor, a former Department of Homeland Security official who later founded DEFIANCE.org. The site positions itself as a rapid response network that allows users to sign up for alerts about proposed ICE facilities in their communities and mobilize local opposition. Public materials on the site indicate partnerships with Project Salt Box and the Save America Movement, and its landing page describes the effort as a collaboration between those groups and DEFIANCE.org.

From the outset, we were skeptical of the platform. A site collecting personal data tied to political organizing around federal enforcement infrastructure raises obvious concerns, particularly when there is limited transparency about how that information will be stored or protected. We also viewed the project as a potential attempt by the founders of DEFIANCE.org to monetize a vulnerable group of people actively trying to stop ICE facilities in their communities. For that reason, we declined to endorse the site or promote it to the more than 670 members of the Hagerstown Rapid Response Signal group.

Three days ago, we signed up on the platform using multiple email addresses and phone numbers across several locations listed on the site, including Hagerstown and Williamsport, Maryland, as well as Salt Lake City. No confirmation emails or texts were received at the time of signup.

That changed this morning.

One of the phone numbers used during signup received a text message claiming that user data submitted to GTFOICE.org had been forwarded to federal authorities, including the FBI, HSI, and ICE. The message also included inflammatory claims about the individuals behind the project. We responded to the message but received no reply.

Shortly after, the GTFOICE.org website appeared to acknowledge an issue. Around 6 p.m. Eastern, the site displayed a notice stating that signups were temporarily paused while a security review was completed. Within roughly twenty minutes, that message was removed and replaced with a generic “under construction” page.

It remains unclear whether the message received was the result of a confirmed breach, a malicious spoof, or another form of compromise. However, the sequence of events raises serious questions about how user data was handled and whether it may have been exposed.

GTFOICE.org is collecting highly sensitive information from individuals organizing against federal immigration enforcement infrastructure. Any compromise of that data could have significant consequences for those involved.

This is a developing story. We will continue to investigate and provide updates as more information becomes available.