DHS Data Leak Reveals Unauthorized Access to Sensitive Intelligence Information Among Thousands of Users

The authority granted to the Department of Homeland Security (DHS) to conduct domestic surveillance has been a subject of debate among privacy advocates since its inception following the September 11 attacks. A recent data leak involving DHS’s intelligence division has shed light not only on how the department collects and stores sensitive information, including that related to its surveillance of American citizens, but also on how it previously left this data exposed to an unauthorized audience.

This article is freely accessible due to its primary source being Freedom of Information Act (FOIA) requests. We encourage your support for our journalism through subscription.

An internal DHS memo, obtained via a FOIA request and shared with us, reveals that between March and May of 2023, a DHS online platform used by the DHS Office of Intelligence and Analysis (I&A) to share sensitive but unclassified intelligence information and investigative leads among various entities including the DHS, FBI, National Counterterrorism Center, local law enforcement, and intelligence fusion centers across the US, was misconfigured. As a result, restricted intelligence data was accidentally made available to all users of the platform.

Access to this data was intended to be limited to users of the Homeland Security Information Network’s (HSIN) intelligence section, known as HSIN-Intel. However, it was set to grant access to “everyone,” exposing the information to HSIN’s vast user base. The unauthorized users who gained access included US government workers specializing in areas unrelated to intelligence or law enforcement such as disaster response, along with private sector contractors and foreign government personnel with access to HSIN.

“DHS advertises HSIN as secure and claims that the information it holds is sensitive, critical national security information,” comments Spencer Reynolds, an attorney for the Brennan Center for Justice who obtained the memo via FOIA and shared it with us. “However, this incident raises questions about how seriously they prioritize information security. Thousands of unauthorized users were granted access to information they were never meant to have.”

HSIN-Intel’s data encompasses a wide range of information, from law enforcement leads and tips to reports on foreign hacking and disinformation campaigns, to analysis of domestic protest movements. The memo detailing the HSIN-Intel breach specifically mentions a report discussing “protests related to a police training facility in Atlanta”—likely referring to the Stop Cop City protests against the proposed Atlanta Public Safety Training Center—noting that it focused on “media praising actions such as throwing stones, fireworks, and Molotov cocktails at police.”

In total, according to the memo about the DHS internal investigation, 439 I&A “products” on the HSIN-Intel section of the platform were improperly accessed 1,525 times. Of these unauthorized access instances, the report found that 518 were private sector users and another 46 were non-US citizens. The instances of foreign user accesses were “predominantly” focused on cybersecurity information, the report notes, and 39% of all the improperly accessed intelligence products involved cybersecurity, such as foreign state-sponsored hacker groups and foreign targeting of government IT systems. The memo also noted that some of the unauthorized US users who viewed the information would have been eligible to access the restricted information if they’d requested authorization.

“When this coding error was discovered, I&A promptly rectified the issue and investigated any potential damage,” a DHS spokesperson told us in a statement. “Following an extensive review, multiple oversight bodies determined there was no significant or serious security breach. DHS takes all security and privacy measures seriously and is committed to ensuring its intelligence is shared with federal, state, local, tribal, territorial, and private sector partners to safeguard our homeland from the multitude of adversarial threats we face.”