From the posted link

In a lengthy statement released over the weekend, the StopICE team rejected claims that any personal user data was exposed or handed over to authorities. According to them, the platform does not collect names, addresses, or precise GPS coordinates from its users. Instead, it uses anonymized polar coordinate calculations based on ZIP codes to trigger location-based alerts.

The statement also attributes the attempted breach to a personal server allegedly tied to a Customs and Border Protection (CBP) agent in Southern California. The attackers reportedly tried to inject false alerts into the system but were unsuccessful, the platform says, due to countermeasures and quick isolation of the attack vector. The operators claim the attackers fell for “bait” in the form of fake data and API keys, enabling StopICE to trace their networks and even publish associated IP addresses and phone numbers.

StopICE further downplayed the scale of the incident, claiming the only exposure involved temporary file names after a backend management tool update modified security headers, an issue they say was minor and resolved swiftly.

Keep in mind StopICE is a website, not an app, so some of the stuff the hackers claimed they got don’t seem to make sense. The only “personal” info I see the website could collect is a phone number if you sign up for text alerts when someone posts an alert at a zip code / city / state.