The Department of Homeland Security (DHS) confirmed July 1 that unknown hackers breached the Homeland Security Information Network (HSIN), the federal platform used by government agencies to share threat intelligence, coordinate event security, and manage emergency response.
DHS said investigators immediately isolated the affected systems and launched a forensic investigation after the breach came to light. A department spokesperson said there is “no indication that classified networks were impacted” and that HSIN remains operational.
The hackers targeted HSIN servers and a SharePoint system used for interagency collaboration, according to two people familiar with the matter who spoke to Nextgov on the condition of anonymity.
The breach is believed to have occurred between late May and early June, meaning the intruder may have spent up to five weeks inside the network as federal agencies relied on it for real-time FIFA World Cup security coordination. Whether any data was stolen remains unclear.
HSIN carries sensitive but unclassified information shared among federal, state, local, tribal, territorial, international, and private-sector partners.
The platform supports real-time communication, document sharing, incident management, and the exchange of data on persons of interest and potential threats. Sen. Mark Warner, vice chair of the Senate Select Committee on Intelligence, said the information exchanged over HSIN “is highly sensitive, and its exposure risks national security.”
Warner confirmed the platform is supporting World Cup and America250 security coordination and called on DHS and the Department of Justice to “thoroughly investigate” the breach.
HSIN faced a previous security lapse in 2023, when a contractor coding error exposed restricted data, including sensitive U.S. person records and personally identifying information, to unauthorized users inside the platform, Nextgov previously reported.
No threat actor has been identified, and DHS has not attributed the intrusion to a foreign government.







