The Department of Homeland Security has confirmed that hackers targeted its internal systems hosting sensitive data.
The incident was uncovered after an internal assessment by the department’s Office of Intelligence and Analysis, Nextgov reported first. The investigation found the hackers breached the Homeland Security Information Network (HSIN) servers and a SharePoint system used for collaborative purposes between late May and early June.
The Department’s Office of Intelligence and Analysis is responsible for providing the DHS, and other federal and local law enforcement agencies, with intelligence and analysis pertaining to national security issues. The DHS has not attributed the attack to any specific threat group, but it is continuing to investigate the incident, the report added.
The DHS did not immediately respond to a request for comment, but an unidentified spokesperson told Nextgov that the targeted system was an “unclassified legacy information-sharing environment.”
“We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation,” the spokesperson said, adding that “there is no indication that classified networks were impacted.”
Recent Departmental Breaches
The incident marks the latest instance of a high-profile data leak tied to the organization, which is responsible for border, immigration, terrorist acts, cybersecurity, and maritime threats. In March, a group of hackers that goes by the moniker “Department of Peace” published alleged hacked data from the DHS that details surveillance contracts between the department, Immigration and Customs Enforcement, and around 6,000 companies.
Prior to that, in 2023, Wired reported that a misconfiguration in a DHS system exposed sensitive surveillance data to thousands of its users.
Attacks tied to legacy systems within the federal and local governments have continued to rise over the years, leading to increased concerns from lawmakers and security experts on the need for more comprehensive measures to tackle crippling attacks against critical infrastructure in the US.
Earlier this month, US Senator Mark R. Warner, D-VA, introduced the Combat Emerging Threats to Critical Infrastructure Act of 2026 bill in the Senate. The bill calls on the Cybersecurity and Infrastructure Security Agency to work with regulators and the security industry to develop updated cybersecurity measures to tackle malicious capabilities tied to advanced AI models. The bill, which is in the early stages of the congressional process, has not been passed.