A recent data leak at the Department of Homeland Security (DHS) has raised new concerns about the agency’s handling of sensitive information. The leak, which occurred on an intelligence-sharing platform used by DHS, left national security data—including intelligence on the surveillance of Americans—exposed to thousands of unauthorized users. Since its creation, the DHS has faced scrutiny from privacy advocates for its domestic surveillance programs, and this incident sheds light on not just how the department gathers and stores this data, but how it once left it exposed to a wide range of individuals who were never meant to see it.
An internal DHS memo, obtained through a Freedom of Information Act (FOIA) request, reveals the details of the incident. From March to May of 2023, a platform managed by the DHS Office of Intelligence and Analysis (I&A) was misconfigured. This platform, which is designed to share sensitive but unclassified intelligence with various partners like the FBI, local law enforcement, and intelligence fusion centers, was set to grant access to “everyone” instead of the intended limited group of users on the Homeland Security Information Network’s intelligence section (HSIN-Intel). As a result, tens of thousands of users gained access to restricted intelligence.
The unauthorized users who had access included US government employees in fields unrelated to intelligence or law enforcement, such as disaster response. The data was also exposed to private-sector contractors and foreign government staff who had access to HSIN for other purposes. According to Spencer Reynolds, an attorney for the Brennan Center for Justice who obtained the memo, this incident raises serious questions about the DHS’s commitment to information security, especially since the department advertises the platform as secure for critical national security information.
The exposed data included a wide range of sensitive materials, from law enforcement leads and reports on foreign hacking to analysis of domestic protest movements. For example, the memo specifically mentioned a report on protests related to a police training facility in Atlanta—likely the “Stop Cop City” protests—which focused on media praising illegal actions against the police. The incident demonstrated the broad scope of information the platform holds and the potential risks when it is not properly secured.
Ultimately, the DHS inquiry found that 439 I&A “products” were improperly accessed 1,525 times. Of those instances, 518 were by private-sector users and 46 by non-US citizens, primarily focused on cybersecurity information. The DHS spokesperson stated that the coding error was immediately fixed and that an extensive review determined there was “no impactful or serious security breach.” However, the incident highlights ongoing concerns about the protection of sensitive national security information and the breadth of access granted to individuals outside of core intelligence functions.
Reference:
