Overview
- Reporting by multiple outlets says the intrusion occurred sometime between late May and early June and that attackers targeted HSIN servers and a SharePoint collaboration system.
- DHS confirmed the incident and says it isolated the affected legacy environment, applied mitigations, and opened a comprehensive forensic investigation and damage assessment.
- Officials have not publicly attributed the attack to any actor, and investigators have not confirmed whether documents were stolen or whether classified networks were affected.
- HSIN is a sensitive-but-unclassified platform used by federal, state, local and private partners to share alerts, people-of-interest lists, operational plans and event security coordination, so a compromise could expose planning without touching classified systems.
- The breach recalls a 2023 HSIN access misconfiguration that exposed restricted data. As the probe continues, it raises questions about security for legacy information-sharing tools and potential impacts on event security and interagency operations.