The U.S. Department of Homeland Security (DHS) is investigating a confirmed cyber incident involving a legacy information-sharing environment reportedly identified as the Homeland Security Information Network (HSIN), a platform used to exchange sensitive but unclassified information with thousands of government, law enforcement, emergency management, and private sector partners.
DHS acknowledged the incident in a public statement but did not identify the affected system by name. Multiple reports citing officials familiar with the investigation identified the compromised platform as HSIN, an environment widely used to coordinate information between federal agencies, state and local governments, tribal organizations, critical infrastructure operators, and international partners. DHS had not released additional technical details at the time of publication.
Investigation focuses on HSIN infrastructure
According to reports, investigators believe the intrusion occurred between late May and early June. The threat actor allegedly gained access to HSIN servers as well as a SharePoint-based collaboration environment used by participating organizations.
DHS said it is investigating what it described as “a recent cyber incident involving a specific, unclassified legacy information sharing environment.” The department has not disclosed how the attackers gained access, whether data was exfiltrated, or who may be responsible for the intrusion.
Officials also have not said whether the breach has been fully contained or whether partner organizations using HSIN have been notified of any specific risks.
No evidence classified networks were compromised
While the affected environment reportedly stores sensitive operational information, DHS said there is currently no indication that classified government systems were impacted.
That distinction is significant because HSIN is designed to distribute Sensitive But Unclassified (SBU) information rather than classified intelligence. The platform supports information sharing across thousands of organizations involved in homeland security, disaster response, critical infrastructure protection, law enforcement coordination, and major event planning.
Although the information hosted on HSIN is not classified, unauthorized access could still expose operational planning documents, security coordination activities, investigative information, and other data that could aid future attacks or intelligence collection.
National security concerns raised
The incident has prompted concern among lawmakers due to the role HSIN plays in coordinating security operations across multiple levels of government.
Senator Mark Warner, vice chair of the Senate Intelligence Committee, said the information shared through the platform is highly sensitive despite its unclassified designation and warned that any unauthorized exposure could carry national security implications.
At this stage, officials have not disclosed what information, if any, was accessed during the intrusion, and no threat actor has publicly claimed responsibility.
Legacy systems remain attractive targets
The incident also highlights the continued security challenges posed by older government collaboration platforms. While DHS referred to the affected environment as a legacy information-sharing system, the department has not identified any exploited vulnerability or confirmed whether compromised credentials, software flaws, or another attack method enabled the intrusion.
The investigation comes as federal agencies continue responding to increasingly sophisticated intrusions targeting government systems and trusted technology platforms. Earlier this month, the FBI issued a FLASH warning on TeamPCP supply chain attacks and extortion activity, highlighting the growing focus on organizations that support critical public and private sector operations.
Without additional forensic findings, it remains unclear whether the attackers maintained persistent access, whether partner organizations face downstream risks, or whether the compromise was limited to a single environment.
DHS said the investigation remains ongoing.












