Hackers claim to have accessed data tied to millions of crime tipsters

Millions of crime tips may have been exposed after a hacker group claims to have compromised systems used by Crime Stoppers programs and other organizations worldwide.

The incident centers on P3 Global Intel, a Texas-based provider of cloud-based tip and intelligence management software owned by Navigate360.

The hacktivists, known as “Internet Yiff Machine,” submitted the stolen data to Straight Arrow News (SAN). According to SAN, the group supplied a cache of more than 8.3 million records said to be taken from P3. The data reportedly spans from as far back as 1987, up to 2025, and is said to include crime tips submitted through Crime Stoppers programs, law enforcement agencies, schools, and parts of the US federal government.

SAN said it verified parts of the dataset by contacting tipsters whose details appeared in the records. Leak archive Distributed Denial of Secrets (DDoSecrets) said it also received a copy and plans to share it with vetted journalists and researchers.

If the data is genuine, it appears to contain extensive personal information about individuals accused in tips, including names, addresses, phone numbers, dates of birth, license plates, Social Security numbers, and other identifiers. Despite marketing materials that promise tipsters that their identity “will remain anonymous at all times,” SAN reports that personal details for some tipsters who provided such information also appear throughout the data set. The cache allegedly also includes user account details, customer support requests, internal law enforcement bulletins, and unencrypted message IDs and passwords used by tipsters to follow up on submissions.

P3’s parent company Navigate360 did not confirm a breach or the scope of any data exposure. In a statement to SAN, Navigate360 CEO JP Guilbault said:

“To this point, we have not confirmed that any sensitive information has been accessed or misused.”

However, the company has engaged an external forensics provider after becoming aware of a possible network incident. P3’s systems reportedly remain operational while this investigation continues.

Law enforcement reactions suggest that at least some customers are treating the incident as a serious risk even in the absence of full technical confirmation. The Portland Police Bureau, which uses Crime Stoppers, has publicly advised residents to “temporarily refrain” from submitting tips through the Crime Stoppers platform while the situation is under review.

In a statement quoted by local and national media, the bureau said it was aware of reports of a potential data breach at a third-party service used to collect anonymous tips and that “out of an abundance of caution” it was asking community members to avoid the service for now. Instead, Portland police are directing people who are willing to provide non-anonymous information to contact the department directly.

“Anonymous” is not a technical guarantee

According to SAN, P3 may capture session information from web and mobile tip submissions. If so, interested parties could potentially use that data to help identify anonymous tipsters, highlighting that “anonymous” is not a technical guarantee. While no method is foolproof, experts recommend the following steps when reporting a crime:

Use a privacy-focused browser and a reputable VPN to hide your real IP address.
Avoid including relative information that can be linked back to you, such as “my neighbor,” “my boss,” or “my ex.”
If a tip form requires contact details, consider whether you’re comfortable with the tip no longer being anonymous.
Strip metadata from files you upload (photos, documents, videos), since they can contain GPS coordinates, device IDs, and timestamps.

What to do if your data was in a breach

If you think you have been affected by a data breach, here are steps you can take to protect yourself:

Check the company’s advice. Every breach is different, so check with the company to find out what’s happened and follow any specific advice it offers.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.
Watch out for impersonators. The thieves may contact you posing as the breached platform. Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Consider not storing your card details. It’s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.
Set up identity monitoring, which alerts you if your personal information is found being traded illegally online and helps you recover after.