DHS confirms breach of HSIN sensitive information-sharing network
The U.S. Department of Homeland Security confirmed that hackers breached the Homeland Security Information Network, an unclassified platform used to share sensitive information with federal, state, local and private-sector partners.
- Victim
- U.S. Department of Homeland Security
On 1 July 2026, the U.S. Department of Homeland Security โ the federal agency responsible for coordinating homeland security across government and industry โ confirmed that hackers had breached the Homeland Security Information Network (HSIN), the platform it uses to share sensitive-but-unclassified information with federal, state, local, tribal, territorial, international and private-sector partners.
According to reporting, the intrusion is believed to have occurred sometime between late May and early June 2026, and the attackers targeted HSIN servers as well as a SharePoint system used for collaboration. DHS has not attributed the activity to any specific threat actor or foreign government, and it remains unclear whether any documents were exfiltrated from the platform.
What DHS said
In a statement, DHS described the incident as involving "a specific, unclassified legacy information sharing environment," and said it "immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation." The department stressed that "there is no indication that classified networks were impacted, and the system remains operational for our partners," adding that it could not provide further operational details while the investigation continues.
Why it matters
HSIN is a backbone for sensitive-but-unclassified coordination, carrying the kind of threat reporting, situational awareness and interagency planning that never rises to a classified system but is still highly sensitive if exposed. The timing drew particular scrutiny: the United States is currently overseeing security for World Cup matches hosted across the country, raising concerns that a compromise of HSIN could have exposed security planning, interagency coordination or response procedures. The episode is a reminder that legacy platforms and adjacent collaboration tools such as SharePoint remain a favoured target, and that "unclassified" is not the same as "low value" when the aggregated content maps how agencies plan and respond.
Timeline
DHS confirms a cyber incident affecting a legacy unclassified information-sharing environment, saying it isolated the affected systems and launched a forensic investigation.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/
- nextgov.comhttps://www.nextgov.com/cybersecurity/2026/06/hackers-breached-dhs-information-sharing-network-people-familiar-say/414534/