The United States (US) Department of Homeland Security (DHS) is investigating a cyberattack on one of its information-sharing platforms after a breach by hackers who reportedly gained access to systems used by government agencies and law enforcement to exchange sensitive intelligence.
The breach affected the Homeland Security Information Network (HSIN), a platform that allows federal, state, local, tribal, territorial, international and private-sector partners to share information, coordinate responses and plan for major events and emergencies.
According to reports, the attackers broke into HSIN servers between late May and early June 2026, and also accessed a SharePoint collaboration platform linked to the network. The intrusion was discovered in early July, prompting DHS to begin an investigation and a forensic review.
Although the platform does not handle classified information, it stores sensitive operational intelligence and planning documents used by thousands of partners across different levels of government.
A DHS spokesperson confirmed the incident, saying the department is “aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment.”
The department said its classified networks were not affected. It has isolated the impacted systems, started work to fix the weaknesses that were exploited and launched a damage assessment through its Office of Intelligence and Analysis.
Officials have not disclosed what information may have been accessed or how much data was taken, nor has the attacker or their motive been found.
The incident has raised concerns because HSIN is currently being used to support security coordination for the ongoing FIFA World Cup in the United States.
The platform also played a role last year in coordinating the response to the mid-air collision between an American Airlines passenger jet and a U.S. Army Black Hawk helicopter over Washington, D.C., which killed 67 people.
Reacting to the breach, Senator Mark Warner, the ranking Democrat on the Senate Intelligence Committee, warned that the exposed information could have wider consequences.
Warner said the intelligence shared through HSIN is “highly sensitive, and its exposure risks national security,” even though the system does not store classified information.
The latest incident also revives issues about HSIN’s security. In 2023, a separate security lapse exposed personal information shared among law enforcement agencies relating to the surveillance of Americans.
The breach adds to a series of cybersecurity incidents affecting the U.S. government since 2025. Those include the exposure of classified information through unauthorised messaging platforms, reported access to federal databases containing Americans’ personal information, and the disclosure of government passwords and cloud credentials by a contractor working with the Cybersecurity and Infrastructure Security Agency (CISA).
Earlier this year, the Federal Bureau of Investigation (FBI) also informed lawmakers that it had declared a “major cyber incident” after the phone numbers of people under federal surveillance were exposed, potentially alerting investigation targets.



