Skip to content
Data breachContained

DHS confirms breach of HSIN sensitive information-sharing network

The U.S. Department of Homeland Security confirmed that hackers breached the Homeland Security Information Network, an unclassified platform used to share sensitive information with federal, state, local and private-sector partners.

Victim
U.S. Department of Homeland Security

On 1 July 2026, the U.S. Department of Homeland Security โ€” the federal agency responsible for coordinating homeland security across government and industry โ€” confirmed that hackers had breached the Homeland Security Information Network (HSIN), the platform it uses to share sensitive-but-unclassified information with federal, state, local, tribal, territorial, international and private-sector partners.

According to reporting, the intrusion is believed to have occurred sometime between late May and early June 2026, and the attackers targeted HSIN servers as well as a SharePoint system used for collaboration. DHS has not attributed the activity to any specific threat actor or foreign government, and it remains unclear whether any documents were exfiltrated from the platform.

What DHS said

In a statement, DHS described the incident as involving "a specific, unclassified legacy information sharing environment," and said it "immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation." The department stressed that "there is no indication that classified networks were impacted, and the system remains operational for our partners," adding that it could not provide further operational details while the investigation continues.

Why it matters

HSIN is a backbone for sensitive-but-unclassified coordination, carrying the kind of threat reporting, situational awareness and interagency planning that never rises to a classified system but is still highly sensitive if exposed. The timing drew particular scrutiny: the United States is currently overseeing security for World Cup matches hosted across the country, raising concerns that a compromise of HSIN could have exposed security planning, interagency coordination or response procedures. The episode is a reminder that legacy platforms and adjacent collaboration tools such as SharePoint remain a favoured target, and that "unclassified" is not the same as "low value" when the aggregated content maps how agencies plan and respond.

Timeline

  1. DHS confirms a cyber incident affecting a legacy unclassified information-sharing environment, saying it isolated the affected systems and launched a forensic investigation.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/
  2. nextgov.comhttps://www.nextgov.com/cybersecurity/2026/06/hackers-breached-dhs-information-sharing-network-people-familiar-say/414534/

Related incidents

Data breachOngoing

Nintendo employee survey data stolen via third-party TinyPulse platform

Nintendo of America confirmed that threat actors stole internal employee survey data from TinyPulse, a third-party HR engagement platform it used, after the SHADOWBYT3$ group claimed to have exfiltrated about 859 MB of data and demanded a US$2 million ransom โ€” while stressing that Nintendo's own systems and customer data were not affected.

Victim
Nintendo of America