BREAKING: The BATFE Leaked The Emails of 1,400 E-form Users

Arfcom members have reported that the BATFE just sent out an email concerning their e-Form system and somehow managed to CC it to more than 1,400 eForm users, making their email addresses and identities public. The email was sent by Department of Justice “IT Specialist” Lee Alston-Williams.

Many e-Form users are reporting to have received the email from Alston-Williams with no CC’d emails. At this time there appears to have been only one batch of emails, sent to people with names beginning “g” and “h” which contained the CC’d email addresses. This is little consolation to people whose identities have now been leaked.

The below screenshot shows the email subject line, the sender and hundreds of emails is was CC’d to (blurred out):


The contents of the email is below ….

ATF eForms Update

The new eForms has been named the “Firearms and Explosives Application Module (FEAM)”. This name was selected to emphasis that FEAM is more than a “fillable form”. It is a business process module which will include at a minimum the functionality listed below:

? Auto assignment – All applications will be immediately upon submission assigned to an examiner for processing.

? Auto approval – Some forms, like the ATF Forms 2 and 3, if they meet certain pre-determined criteria will be automatically approved by the FEAM system upon submission.

? Internal controls and performance measurement reporting – ATF has a full audit trail of every application received with date and time stamps for every step in the process. Digital signatures can be used to lock down portions of the form to ensure the security of the data and the authenticity of the submitter.

? Improved business processes with automatic Records Management & Retention, as mandated by the Office of Management and Budget.

? Electronic Signature (for submitter and ATF personnel) – provides enhanced authentication, validation and improves processing and approval.

? Enhance Industry satisfaction: user-friendly interaction.

? FEAM provides the Application Program Interface (APIs) needed to update the existing ATF back end databases, to allow for the batch submission of multiple forms using one computer session.

? Improves efficiency for the Enforcement Programs and Services staff – Forms can be automatically routed, evaluated and tracked so that final determinations can be made in a consistent and expeditious manner.

We had hoped to be able to present the first iteration of FEAM at the 2016 SHOT Show. ATF performed an assessment of what was contracted to be developed for FEAM and what the contractor planned to deliver. At the end of the assessment, all parties involved felt that the product outlined in the current contract did not fully provide all the functionality that we expected, or that the industry requested. For these reasons we decided that rather than to continue on the current course, we would take the steps listed below to ensure that FEAM is a worthwhile investment for both the industry and ATF:

1. Curtail the current development effort.

2. Determine what is needed to sustain the existing eForms system, until the full requirements for FEAM can be determined and developed.

3. Make the necessary changes to eForms to stabilize the infrastructure with the ever-increasing user population.

4. Determine if we can re-introduce the Form 3 to the current eForms, through load testing and other system validations.

5. Perform an assessment of the ATF and industry requirements for FEAM.

6. Secure required funding for a new FEAM initiative, based on the revised requirements.

7. Restart the FEAM initiative, to include industry participation during the requirements gathering and testing processes.

We look at this as only a minor delay. It is our intention to use this delay to acquire the tools and resources necessary to develop a product that will provide more functionality and a stable workflow process and infrastructure. All the work previously done on FEAM is not lost. It will be the foundation for the work that is yet to come. If you have any questions you can contact Lee Alston-Williams at

Thanks to Andrew for tipping us off.

Steve Johnson

Founder and Dictator-In-Chief of TFB. A passionate gun owner, a shooting enthusiast and totally tacti-uncool. Favorite first date location: any gun range. Steve can be contacted here.


  • JK


  • anon

    Glad to see that they are staying busy when they are not shooting women holding babies, killing dogs or burning children alive.

    • Edeco

      …stomping on kittens.

    • Norm Glitz

      “shooting women holding babies” That’s the FBI “Hostage Rescue Team” whether there are hostages or not..

  • whodywei

    I hope this is a resume generating event.

    • LetsTryLibertyAgain

      This is the government. Nobody is punished for doing the sort of brain dead stuff that would have a private sector employee standing in the unemployment line. Someone will probably get a promotion for this level of incompetence.

  • KestrelBike

    tools. Now, that 2nd bit about auto-acceptance of Form 3’s is kinda cool. The whole idea of NFA is stupid and the ATF can go to hell, of course, but any progress towards quicker stamps is good. Manufacturer-dealer/dealer-dealer delays are just ridiculous. You have their license #’s, what more “checking up” do you need to do beyond a “Is this license in good order? Yes? Proceed”. Not sure how many bureaucrats & programmers it takes to make that happen, but the answer is apparently $1,000,000,000 taxpayer dollars.

  • Scott

    Meh. I go the email, but no fun list of addresses. Tech glitches, they happen.

    • Kirk Newsted

      Its not a tech glitch. The “send” button on e-mail has to be pressed by someone.

      • Bill

        Right, this is the very first time in history that “send all” was elected by mistake.

  • AndyT

    Awesome. Especially for those of us whose email is semi professional and uses our real names. I knew I should have signed up with as my eforms email. (That’s not one of my email addresses I promise!)

    • Varix

      dibs on the email

    • Edeco*


    • Griz

      I was just thinking that myself. So now there are 1399 others that have your name and know you have expensive NFA goodies.

  • Nobody Inparticular

    Those wacky kids. First they give guns to the cartels, then they give their users to the spammers.

    • spammers to the cartels next?

      • allannon

        Spamming the cartels would probably be the most effective tactic yet.

  • datimes

    I got this email today. Glad I’m not a G or H.

    • rob in katy

      I am a G but didn’t get a list of fellow enemies of the state….or Wolverines as I like to all them.

  • TheNotoriousIUD

    Good thing I registered as

  • Spencedaddy

    first or last names that start with G?

    • HKGuns

      emails not names. There were no names involved.

  • Minor. This kind of thing happens all the time both in gov’t and the private sector. Happens in the private sector far more actually, and to much worse extents. Check out the list of private-sector HIPAA breaches on the HHS website.

    This is news only because it’s hip to hate the ATF. If a grocery store chain or a home appliance retailer did it nobody would care for more than about 3 seconds.

    • lucusloc

      Because when a retailer does it I can take my business elsewhere. As a matter of fact, being in IT I regularly avoid chains with poor data hygiene. With the government I do no have that option.

      • While that is certainly true, this is just some email addresses. I’d be unlikely to avoid even a retailer for that. What’s going to happen? You’ll get some spam? Pff. Big deal. At least it wasn’t your credit card/bank information, or your home address.

        Beyond an eyerolling-SMH-moment, this is pretty much a non-issue.

        • Joshua

          except when they start phishing, as a result of this they now have people’s e-mails, names and other info to making a phishing e-mail look legit.
          According to the Ponemon Institute Phishing attacks cost on average $300,000 dollars a year in the US.

          • Pff… if you think email scammers don’t already have your email address you’re living in a fantasy land. But ok…. I guess if everyone is too stupid to not be suckered by a random email then I’m fine with blaming the ATF for it. Why not? *shrug*

          • LV-426


        • lucusloc

          Yeah, just emails is not that big a deal as far as identity issues are concerned, but that does not mean it should not be addressed. I am firmly in the camp that believes that the government should be held to higher standards, not lower. Of course this is just another data point in the ongoing “government does not give a damn about data security” saga. A small, merely annoying data breach, and nothing compared to what the IRS has done with far more sensitive PII, but that does not mean they should not be called out for sloppy data handling. Shame them and hope they learn their lesson. And pray that next time it is not something like inventory and addresses.

      • Creepermoss

        This is why end-user security is important online, because some people (like our government) still think it’s appropriate to hire their internet security on the basis of the lowest bidder.

      • Kirk Newsted

        Exactly. I stopped using credit cards at Target after their little fiasco. I can’t exactly stop using the government.

    • Bill

      No one in the history of email has ever sent anything by mistake. This has to be part of a major conspiracy or huge bureaucratic failure.

      I only conduct transactions face to face and using gold, wheat or goats as currency. Am I glad Christmas shopping is over. You can’t trust the Web, phones, and don’t forget that the Postal Service is run, at a huge loss by our evil overlords.

      • Pastor Dan

        How many goats do I need for a bag of coffee?

        • Bill

          I don’t deal in coffee. Caffeine, like fluoride in drinking water, is part of a conspiracy by the Trilateral Commission, the UN and the Civil Air Patrol (the secret aerial surveillance wing of the government) to keep us all nervous and twitchy.

  • smartacus

    and nobody can sue the gov’mint for wrongful anything.
    Sounds like Carte Blanche to screw with honest upstanding citizens who make the country work.
    And do so with a big fat innocent “oopsie”

  • adverse

    I’m sure it was an honest mistake, or total incompetence.

    • Roger V. Tranfaglia

      The term your looking for iss…honest incompetence!
      HMM….is this the same tech that set up hill’s e-mail server @ her residence??

  • flyfishr

    My email starts with a G. I have the list in case anyone wants to send spam.

    • Pastor Dan

      It’s probably perfectly legal to post it here, but only if we can download the hyperlinks for free. Charge for it, and someone will sue.

      How much are you asking, BTW?

  • GaryOlson

    From the contents of the email, those bozos:
    1) Hired some MBA to “synergize their business process”
    2) let those MBAs issue a contract for a computer system no one could build
    3) cancel the project after they wasted a pile of money
    4) let those same MBAs improperly use email to notify everyone they failed big time.

    Keep buying those NFA items boys; they’re gonna need the income to fail at another computer system no one understands.
    [disclosure: I am a computer professional who has had to deal with the MBA types]

  • HKGuns

    Never trust a person with a hyphenated last name.

    “Lenora (Lee) Alston-Williams” sent the email.

    I wouldn’t necessarily consider it a leak, as it only went out to other e-forms users who are likely “mostly” upstanding citizens.

    “Guy Kemp” from “Fathom Arms” found it necessary to reply to everyone, just to point out the obvious. Doubling down on stupid.

    • Pastor Dan

      Mostly. Likely.

    • thmsmgnm

      He was probably using the reply button as a means of importing all the email addresses into the contact list of his email program so he did not have to do it one at a time.

  • Zachary marrs

    Damnit, first Ashley Madison, now the atf.

    Privacy is a thing of the past

  • uisconfruzed

    Ask ATF about this (304) 616-4522
    They’re very helpful.

  • Mc Cain

    Government efficiency and competency at its finest. Thank you, ATF.

  • LetsTryLibertyAgain

    To err is human, but to #&$% up like this requires a government agency.

  • Realist

    Why anyone would expect the Fed. Gubment to do the right thing is beyond me…it’s being run by a bunch gene altered morons…