The platform built to help US government agencies share information securely has become the latest victim of a cyberattack.
The Department of Homeland Security (DHS) has confirmed that hackers breached the Homeland Security Information Network (HSIN) and sat there undetected for weeks. The agency said investigators are still working to determine who is behind the breach and what they may have accessed.
The incident shifts attention from the government’s classified networks to the platforms that keep agencies connected every day.
According to Nextgov, the timing has also raised concerns stemming from the breached platform’s role in security coordination during the World Cup and the growing number of cybersecurity incidents US government agencies have faced in recent times.
Details of the incident
The breach first came to light after people familiar with the matter told Nextgov that hackers had compromised HSIN servers and SharePoint systems. Together, the two platforms facilitate the storage and sharing of sensitive but unclassified information among government agencies and critical infrastructure partners.
The sources said the intrusion occurred sometime between late May and early June, though it remains unclear exactly when the DHS became aware of the incident.
The Department later confirmed via a statement cited by BleepingComputer to be “aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment.” According to the department, affected systems were isolated, the vulnerability was mitigated, and a forensic examination was commenced.
The DHS didn’t say how the attackers gained access. But the statement about mitigating the vulnerability suggests that attackers may have exploited a flaw in HSIN or Microsoft’s SharePoint, a common attack technique.
Must-read security coverage
- UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
- Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
- How GitHub Is Securing the Software Supply Chain
- 8 Best Enterprise Password Managers
Sensitive information raises concerns
While the DHS says that classified systems were not affected, the outcome of the Department’s investigation will determine whether the breach was limited to unauthorized access or resulted in the exfiltration of information shared across the environment.
However, even without access to classified data, sensitive data from the environment may include operational and situational reports from law enforcement, security, and emergency response teams. That is why Nextgov is concerned about the timing of this incident, given DHS’s involvement in the FIFA World Cups across the US and other activities the agency oversees.
Repeated security incidents involving US government agencies
While enterprises account for many of the cybersecurity incidents making headlines, US government agencies have also experienced a fair share of security lapses involving sensitive information.
In 2023, an HSIN misconfiguration allowed thousands of unauthorized users to view sensitive intelligence reports. Another happened in March, with more than 6,600 ICE records exposed.
More recently, in May, a contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) accidentally exposed sensitive credentials and files tied to the agency’s internal operations in a public GitHub repository until a security researcher discovered and reported the incident.
Regardless of what evidence investigators find, the breach will likely go beyond a DHS issue. Every successful attack on a trusted government platform tests public confidence in the digital systems that quietly support emergency response, law enforcement coordination, and other services millions depend on every day.
Also read: AI agents are creating enterprise security gaps as autonomous tools gain access to browsers, SaaS apps, and sensitive business data faster than traditional controls can adapt.