
DHS Data Hub Leaked Sensitive Intel to Thousands

Summary

– A DHS online platform was misconfigured from March to May 2023, exposing sensitive intelligence to all users instead of just authorized personnel.
– The exposed data included law enforcement leads, foreign hacking reports, and analysis of domestic protests like the Atlanta training center demonstrations.
– Unauthorized access involved thousands of users, including private sector contractors, foreign nationals, and US government workers in unrelated fields.
– The breach resulted in 1,525 improper accesses of 439 intelligence products, with cybersecurity information being the most frequently viewed by foreign users.
– DHS stated it fixed the error immediately and determined there was no serious security breach, though privacy advocates question the agency's commitment to information security.

A significant data leak within the Department of Homeland Security has exposed sensitive intelligence to thousands of unauthorized individuals, raising serious questions about the agency’s internal security protocols. The breach, which occurred over a two-month period in early 2023, allowed government employees, private contractors, and even foreign nationals to access restricted information intended only for authorized intelligence personnel.

An internal memo obtained through a Freedom of Information request reveals that a misconfigured online platform used by the DHS Office of Intelligence and Analysis inadvertently shared classified investigative data with all users of the Homeland Security Information Network’s intelligence section. Instead of limiting visibility to a select group, the system was set to grant access to “everyone,” effectively exposing intelligence products to tens of thousands of people who should never have seen them.

Among those who gained unauthorized entry were U.S. government staff working in unrelated fields like disaster response, private sector contractors, and foreign government personnel with network access. The exposed materials included law enforcement tips, reports on foreign hacking operations, disinformation campaigns, and analyses of domestic protest movements.

One specific example highlighted in the memo was a report discussing protests in Atlanta related to a police training facility, which detailed actions such as throwing projectiles and incendiary devices at law enforcement. In total, 439 intelligence products were accessed improperly 1,525 times during the breach. Private sector users accounted for 518 of those accesses, while non-U.S. citizens were responsible for 46.

Notably, nearly 40% of the improperly viewed intelligence involved cybersecurity matters, including foreign state-sponsored hacking groups and targeting of government IT systems. The memo also indicated that some U.S. users who viewed the information might have been eligible for access had they requested proper authorization.

A DHS spokesperson stated that the coding error was fixed immediately upon discovery and that an extensive review concluded there was no impactful or serious security breach. The department emphasized its commitment to sharing intelligence with authorized partners to protect national security.

Privacy advocates, however, remain concerned. Spencer Reynolds, an attorney with the Brennan Center for Justice, noted that the incident undermines the DHS’s claims about the security of its systems. “This raises real questions,” he said, “about how seriously they take information security when thousands of users saw things they never should have.”

(Source: Wired)
