DHS confirms hackers breached HSIN info-sharing platform

dr_kiszonka1 pts0 comments

DHS confirms hackers breached HSIN info-sharing platform

Home<br>News<br>Security<br>DHS confirms hackers breached HSIN info-sharing platform

DHS confirms hackers breached HSIN info-sharing platform

By Lawrence Abrams

July 1, 2026

01:32 PM

The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners.

The intrusion, first reported by Nextgov, was carried out by an unknown threat actor in recent weeks and is believed to have occurred sometime between late May and early June, according to two people familiar with the matter who spoke on the condition of anonymity.

DHS is currently investigating the attack and has reportedly not attributed it to any specific threat actor or foreign governments. Whether any documents were stolen from the system also remains unclear.

According to Nextgov's sources, the threat actors targeted HSIN servers as well as a SharePoint system used for collaboration efforts. The department's Office of Intelligence and Analysis has since conducted a damage assessment of the breach.

The Homeland Security Information Network is a DHS platform for sharing sensitive but unclassified information among government, international, and private-sector partners.

Approved users can use the network to access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents, and share critical information needed to protect their communities.

The platform supports real-time communication, alerts, and incident management, and is also used to exchange information about persons of interest and potential threats.

As the United States is currently overseeing security for World Cup games hosted across the country, Nextgov raised concerns that the breach could have exposed security planning, interagency coordination, or response procedures.

In a statement, a DHS spokesperson confirmed the incident to BleepingComputer while emphasizing that classified systems were not affected.

"The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment," DHS told BleepingComputer.

"We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation. There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time."

HSIN previously suffered a security incident in 2023, when an access misconfiguration linked to a contractor's coding error exposed restricted data within HSIN-Intel, the platform's intelligence section.

The error, detailed in an internal DHS memo seen by Wired, set access permissions to "everyone" rather than a limited group of authorized users, exposing information, including sensitive U.S. person data and other personally identifiable information, to all of HSIN's users.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.<br>The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Related Articles:

Charter Communications data breach affects 4.9 million accounts<br>Foxconn confirms cyberattack claimed by Nitrogen ransomware gang<br>Amazon fined $2.25M for withholding evidence from fraud victims<br>Insurance giant Aflac discloses data breach after subsidiary hack<br>US seizes hundreds of FIFA World Cup illegal streaming domains

Breach

Cyberattack

Department of Homeland Security

DHS

Homeland Security Information Network

HSIN

USA

Lawrence Abrams

Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.

Previous Article

Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Upcoming Webinar

Popular Stories

Data breach exposes up to 14.2 million email logins at six ISPs

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

CISA: Windows BlueHammer flaw now exploited by ransomware gangs

Sponsor Posts

CTI Starter Kit + 2026 SANS CTI Survey

Build a GRC agent in minutes, no code. Get early access to Agent Studio.

Turn Indicators into Actionable Intelligence in OpenCTI with Criminal IP

VOIP Detection with Phone.com and IPQS

See how Pixellot discovered and secured hundreds of unmanaged AI agent identities in weeks, not...

security hsin information platform sharing breach

Related Articles