U.S. Department of Homeland Security: DHS confirms hackers breached HSIN info-sharing platform

U.S. Department of Homeland Security: DHS confirms hackers breached HSIN info-sharing platform

DHS Investigates Cyberattack on Sensitive Information-Sharing Network

The U.S. Department of Homeland Security (DHS) is probing a recent cyberattack targeting the Homeland Security Information Network (HSIN), a critical platform used by federal, state, local, and private-sector partners to share sensitive but unclassified information. The breach, first reported by Nextgov, occurred between late May and early June and was carried out by an unidentified threat actor.

According to sources familiar with the matter, the attackers compromised HSIN servers and a SharePoint system used for collaboration. While the extent of the damage remains unclear including whether any documents were stolen DHS’s Office of Intelligence and Analysis is conducting a forensic assessment. The agency has not attributed the attack to any specific group or foreign government.

HSIN serves as a vital tool for real-time communication, incident management, and threat intelligence sharing, including data on persons of interest and security planning. With the U.S. overseeing security for the 2024 World Cup, concerns have arisen that the breach could have exposed interagency coordination details, response procedures, or event security plans.

In a statement to BleepingComputer, DHS confirmed the incident, emphasizing that classified systems were unaffected. The agency isolated the affected systems, mitigated the vulnerability, and launched an investigation. The platform remains operational for partners, though further details are withheld due to the ongoing probe.

This is not the first security lapse for HSIN. In 2023, a contractor coding error led to an access misconfiguration in HSIN-Intel, exposing restricted data including U.S. person data and personally identifiable information to all users. The issue was later detailed in an internal DHS memo obtained by Wired.

Source: https://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/

U.S. Department of Homeland Security cybersecurity rating report: https://www.rankiteo.com/company/us-department-of-homeland-security

"id": "US-1782931085",
"linkid": "us-department-of-homeland-security",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Federal, state, local, and '
                                              'private-sector partners',
                        'industry': 'National Security, Public Safety',
                        'location': 'United States',
                        'name': 'U.S. Department of Homeland Security (DHS)',
                        'size': 'Large',
                        'type': 'Government Agency'}],
 'data_breach': {'personally_identifiable_information': 'Potentially exposed',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive but unclassified '
                                             'information, potentially '
                                             'including U.S. person data and '
                                             'personally identifiable '
                                             'information'},
 'date_detected': '2024-06',
 'description': 'The U.S. Department of Homeland Security (DHS) is '
                'investigating a cyberattack targeting the Homeland Security '
                'Information Network (HSIN), a critical platform used for '
                'sharing sensitive but unclassified information among federal, '
                'state, local, and private-sector partners. The breach '
                'occurred between late May and early June and was carried out '
                'by an unidentified threat actor. The attackers compromised '
                'HSIN servers and a SharePoint system, with the extent of the '
                'damage still unclear.',
 'impact': {'data_compromised': 'Sensitive but unclassified information, '
                                'potentially including interagency '
                                'coordination details, response procedures, or '
                                'event security plans',
            'identity_theft_risk': 'Potential exposure of personally '
                                   'identifiable information',
            'operational_impact': 'Platform remains operational for partners, '
                                  'but investigation is ongoing',
            'systems_affected': 'HSIN servers, SharePoint system'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Nextgov'},
                {'source': 'BleepingComputer'},
                {'source': 'Wired'}],
 'response': {'communication_strategy': 'Confirmed incident in a statement to '
                                        'BleepingComputer, withheld further '
                                        'details due to ongoing investigation',
              'containment_measures': 'Affected systems were isolated, '
                                      'vulnerability mitigated',
              'incident_response_plan_activated': 'Yes'},
 'threat_actor': 'Unidentified threat actor',
 'title': 'Cyberattack on Homeland Security Information Network (HSIN)',
 'type': 'Cyberattack'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.