The Department of Homeland Security has confirmed that its Homeland Security Information Network (HSIN) was compromised by an unknown threat actor, with the intrusion believed to have occurred sometime between late May and early June 2026. The agency is actively investigating the incident and has not attributed the attack to any specific actor or foreign government.

What Was Targeted

According to sources familiar with the matter, the attackers targeted HSIN servers as well as a SharePoint system used for interagency collaboration. DHS’s Office of Intelligence and Analysis has conducted a damage assessment, though it remains unclear whether any documents were exfiltrated during the breach.

HSIN is a platform for sharing sensitive but unclassified information among federal, state, local, international, and private-sector partners. Its capabilities include real-time communications, incident management, alerts, coordination of safety and security for planned events, and the exchange of information about persons of interest and potential threats.

DHS Response

In a statement provided to BleepingComputer, DHS described the affected environment as a “specific, unclassified legacy information sharing environment” and said it moved quickly to contain the damage.

“We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation. There is no indication that classified networks were impacted, and the system remains operational for our partners.”

The department emphasized that classified systems were not affected and that HSIN remains operational.

Timing and Potential Exposure

The breach comes at a sensitive moment: the United States is currently hosting FIFA World Cup matches across multiple cities, an event that requires extensive interagency security coordination. Concerns have been raised that compromised HSIN data could include security planning documents, response procedures, or interagency coordination details tied to the tournament.

Prior Security Issues on HSIN

This is not the first security incident involving HSIN. In 2023, a contractor’s coding error set access permissions within HSIN-Intel, the platform’s intelligence section, to “everyone” rather than a restricted group of authorized users. That misconfiguration exposed sensitive U.S. person data and other personally identifiable information to the broader HSIN user base. The 2023 incident was documented in an internal DHS memo.

The recurrence of security failures on a platform specifically designed to protect sensitive homeland security information will likely draw scrutiny from oversight bodies. The investigation is ongoing, and DHS has stated it cannot provide further operational details at this time.