Miles Taylor, a former Department of Homeland Security Chief of Staff and former Google security executive, is at the centre of a major data exposure-related controversy. His new project, GTFO ICE, was launched just a couple of weeks ago with a media appearance on The Rachel Maddow Show.
The platform, found at GTFOICE.org, was meant to be a tool for people to organise against immigration detention centres. However, it allegedly failed to protect the personal details of every person who signed up.
For context, GTFO ICE (“Get The Facilities Out”) is a rapid-response network and advocacy tool launched in April 2026. It enables users to identify, track, and protest proposed Immigration and Customs Enforcement (ICE) detention facilities in their communities, aiming to “crowd cancel” them.
The REST API Exposure
According to researchers, the site was using a public REST API that was completely unprotected. For your information, REST API allows a website to send and receive information from a database. In simple terms, the website’s database was connected to the internet without a password or any authentication to block unauthorized users.
Another issue is that the site lacked rate limiting, which basically stops a single user from making thousands of requests at once. In its absence, any hacker or other threat actor could download the entire list of users in seconds, including names, email addresses, phone numbers, ZIP codes, and signup timestamps for 17,662 people.
Timeline of the Exposure
The issue got noticed around May 2026 when a group called Hagerstown Rapid Response tested the site using phone numbers in Maryland and Utah. They didn’t get a confirmation, but a few days later, they received a text message claiming that the user data from GTFO ICE had already been sent to federal agencies, including the FBI, HSI, and ICE.
An X (formerly Twitter) user known as @DataRepublican reportedly notified Taylor about the vulnerability. Despite this warning, the API allegedly remained open for at least 12 hours. Shortly after, the website owners put up a notice saying they were doing a security review. The site was then replaced with an ‘under construction’ page.
This incident has caused a massive wave of concern on the social media site Bluesky, where many of the activists who signed up were coordinating. These users trusted the platform because of Taylor’s high-level background in national security. Taylor, who became famous for writing an anonymous ‘Resistance article during the Trump administration, had his security clearance suspended in 2025 for other conduct issues.
Earlier today, the GTFO ICE website displayed a maintenance notice. At the time of writing, it shows a message stating: “This app isn’t live yet. We couldn’t find a Replit app at this address. If you’re the owner, publish your app to make it reachable.”
This story is developing; stay tuned.
