A misconfiguration in the **Homeland Security Information Network-Intelligence (HSIN-Intel)**—an internal DHS platform used to share **sensitive but unclassified intelligence**—exposed restricted data to **tens of thousands of unauthorized users** between **March and May 2023**. The breach allowed access to **439 intelligence products**, improperly viewed **1,525 times**, including by **518 private-sector contractors and 46 foreign nationals**. Exposed data included **law enforcement leads, domestic protest analysis (e.g., Stop Cop City protests), foreign hacking reports, and disinformation campaigns**, with **39% of accessed materials related to cybersecurity threats** (e.g., state-sponsored hacking). While some unauthorized US users *could* have requested access, the incident revealed systemic failures in **access controls**, raising concerns over **national security risks** and DHS’s ability to safeguard sensitive intelligence shared with agencies like the **FBI and National Counterterrorism Center**. The leak underscored vulnerabilities in handling **domestic surveillance data**, potentially compromising **counterterrorism operations, protest monitoring, and foreign cyber threat intelligence**.
TPRM report: https://www.rankiteo.com/company/us-department-of-homeland-security
"id": "us-4992949091625",
"linkid": "us-department-of-homeland-security",
"type": "Breach",
"date": "5/2023",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'national security/homeland security',
'location': 'United States',
'name': 'U.S. Department of Homeland Security (DHS)',
'type': 'federal government agency'},
{'industry': 'intelligence/law enforcement',
'location': 'United States',
'name': 'DHS Office of Intelligence and Analysis (I&A)',
'type': 'intelligence agency (subdivision of DHS)'},
{'location': ['United States',
'international (foreign nationals)'],
'name': 'Unauthorized HSIN Users',
'size': 'tens of thousands (439 products accessed '
'1,525 times; 518 by private sector, 46 by '
'non-US citizens)',
'type': ['government workers (non-intelligence/law '
'enforcement)',
'private sector contractors',
'foreign government staff']}],
'attack_vector': "misconfigured access controls (platform set to 'everyone' "
'instead of restricted HSIN-Intel users)',
'data_breach': {'number_of_records_exposed': "439 I&A 'products' accessed "
'1,525 times',
'sensitivity_of_data': 'sensitive but unclassified '
'(restricted to HSIN-Intel users)',
'type_of_data_compromised': ['sensitive but unclassified '
'intelligence',
'investigative leads',
'law enforcement tips',
'foreign hacking/disinformation '
'reports',
'domestic protest analyses',
'cybersecurity threat '
'intelligence']},
'description': 'An internal DHS memo obtained via a FOIA request revealed '
'that from March to May 2023, the DHS Office of Intelligence '
'and Analysis (I&A) misconfigured its Homeland Security '
'Information Network-Intelligence (HSIN-Intel) platform, '
'exposing restricted intelligence information to tens of '
'thousands of unauthorized users, including US government '
'workers (e.g., disaster response), private sector '
'contractors, and foreign nationals. The leak involved 439 I&A '
"'products' accessed 1,525 times, with 518 accesses by private "
'sector users and 46 by non-US citizens. Exposed data included '
'law enforcement leads, reports on foreign '
'hacking/disinformation, and analyses of domestic protests '
'(e.g., Stop Cop City). Nearly 40% of improperly accessed '
'materials pertained to cybersecurity threats like '
'state-sponsored hacking.',
'impact': {'brand_reputation_impact': 'eroded public and stakeholder trust in '
"DHS's ability to secure sensitive "
'intelligence data',
'data_compromised': ['law enforcement leads and tips',
'reports on foreign hacking and '
'disinformation campaigns',
'analysis of domestic protest movements '
'(e.g., Stop Cop City protests in Atlanta)',
'cybersecurity intelligence (39% of exposed '
'products)',
'media reports praising violent actions '
'against police'],
'operational_impact': 'exposure of sensitive but unclassified '
'intelligence to unauthorized parties, '
'undermining trust in DHS information '
'security',
'systems_affected': ['Homeland Security Information '
'Network-Intelligence (HSIN-Intel) platform']},
'investigation_status': 'completed (internal DHS inquiry documented in memo)',
'post_incident_analysis': {'root_causes': ['misconfiguration of HSIN-Intel '
'access controls (set to '
"'everyone')",
'inadequate access review '
'processes']},
'references': [{'source': 'WIRED'},
{'source': 'Freedom of Information Act (FOIA) request (Brennan '
'Center for Justice)'},
{'source': 'DHS internal memo (obtained via FOIA)'}],
'title': 'DHS Intelligence Data Leak via Misconfigured HSIN-Intel Platform',
'type': ['data leak', 'misconfiguration', 'unauthorized access'],
'vulnerability_exploited': 'improper access control configuration'}