Hackers Breached DHS Information-Sharing Network
Hackers Breached DHS Information-Sharing Network 🚨
A key Department of Homeland Security (DHS) information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local, and industry partners. According to two people familiar with the matter, DHS investigators are probing the intrusion of the Homeland Security Information Network (HSIN).
The hackers’ affiliation and whether any documentation was pilfered from the system remain unclear. The department’s Office of Intelligence and Analysis has conducted a damage assessment of the intrusion, believed to have occurred sometime between late May and early June. The hackers targeted HSIN servers and a SharePoint system used for collaboration efforts.
The HSIN is utilized by government, international, and private sector partners to share sensitive but unclassified information. Approved users rely on the network to securely access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents, and share mission-critical information needed to protect their communities.
The intrusion comes as the U.S. oversees security for World Cup games across the country, placing added scrutiny on the systems federal, state, and local officials use to coordinate major events. A breach of the platform could raise concerns about whether hackers gained insight into security planning, interagency coordination, or response procedures surrounding one of the most visible international events hosted predominantly in the United States.
A department spokesperson stated, “The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information-sharing environment. We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation.” Additionally, the spokesperson noted, “There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time.”
This development is not the first time HSIN has faced security problems. In 2023, an access misconfiguration linked to a contractor’s coding error caused restricted HSIN data to be exposed to unapproved users inside the platform, allowing sensitive U.S. person data and other personally identifying information to be made available more broadly.
For more details, Read full article