DHS Data Breach Exposes Sensitive Intelligence Information to Thousands of Unauthorized Users, Raising Security Concerns

The oversight of domestic surveillance by the Department of Homeland Security (DHS) has long been a point of contention for privacy advocates, since its inception post-9/11 attacks. A recent data leak within DHS’s intelligence division has cast light on not only their methods of gathering and storing sensitive information, including surveillance data pertaining to American citizens, but also on how they unintentionally left this data exposed to an extensive array of government officials, private sector workers, and even foreign nationals who were not authorized to access it.

This article is freely available due to its primary basis in reporting from Freedom of Information Act (FOIA) requests. We invite readers to support our journalism through subscription.

An internal DHS memo, obtained via a FOIA request and subsequently shared with us, details a lapse in security from March to May 2023 within the DHS Office of Intelligence and Analysis’s (I&A) online platform. This platform is utilized by the DHS, FBI, National Counterterrorism Center, local law enforcement agencies, and intelligence fusion centers across the US for the sharing of sensitive but unclassified intelligence information and investigative leads.

The misconfiguration in this system inadvertently granted access to restricted intelligence data to all users of the platform, instead of limiting it to users of Homeland Security Information Network’s (HSIN) intelligence section, known as HSIN-Intel. This error exposed the information to HSIN’s numerous users, which included US government personnel outside the realm of intelligence or law enforcement—such as disaster response teams—as well as private sector contractors and foreign government staff with access to HSIN.

“DHS claims that HSIN is secure and maintains that the information it houses is sensitive, critical national security data,” states Spencer Reynolds, an attorney for the Brennan Center for Justice, who obtained the memo via FOIA and shared it with us. “However, this incident raises questions about their dedication to information security. Thousands of users were granted access to information that they were never intended to have.”

HSIN-Intel’s data encompasses a wide range of information, including law enforcement leads and tips, reports on foreign hacking and disinformation campaigns, as well as analyses of domestic protest movements. The memo discussing the HSIN-Intel breach mentions, for instance, a report focusing on “protests related to a police training facility in Atlanta”—presumably referring to the Stop Cop City protests opposing the development of the Atlanta Public Safety Training Center—and detailing media coverage praising actions such as throwing stones, fireworks, and Molotov cocktails at law enforcement.

According to the memo regarding the DHS internal inquiry, 439 I&A “products” from the HSIN-Intel section of the platform were improperly accessed 1,525 times. Of these unauthorized access instances, the report found that 518 were private sector users and another 46 were non-US citizens. The instances of foreign user accesses were primarily focused on cybersecurity information, the report notes, and 39% of all improperly accessed intelligence products involved cybersecurity, such as foreign state-sponsored hacker groups and foreign targeting of government IT systems. The memo also noted that some of the unauthorized US users who viewed the information would have been eligible to access the restricted information if they had requested authorization.

“Once the coding error was discovered, I&A immediately rectified the problem and conducted an investigation into any potential harm,” a DHS spokesperson told us in a statement. “Following an exhaustive review, multiple oversight bodies determined there was no significant or severe security breach. The DHS takes all security and privacy measures seriously and is committed to ensuring its intelligence is shared with federal, state, local, tribal, territorial, and private sector partners to safeguard our homeland from the numerous adversarial threats we face.”