The Department of Homeland Security’s mandate to carry out domestic surveillance has been a concern for privacy advocates since the organization was first created in the wake of the September 11 attacks. Now a data leak affecting the DHS’s intelligence arm has shed light not just on how the department gathers and stores that sensitive information—including about its surveillance of Americans—but on how it once left that data exposed to thousands of government and private sector workers and even foreign nationals who were never authorized to see it.
An internal DHS memo obtained by a Freedom of Information Act (FOIA) request and shared with WIRED reveals that from March to May of 2023, a DHS online platform used by the DHS Office of Intelligence and Analysis (I&A) to share sensitive but unclassified intelligence information and investigative leads among the DHS, the FBI, the National Counterterrorism Center, local law enforcement, and intelligence fusion centers across the US was misconfigured, accidentally exposing restricted intelligence information to all users of the platform.
Access to the data, according to a DHS inquiry described in the memo, was meant to be limited to users of the Homeland Security Information Network’s intelligence section, known as HSIN-Intel. Instead it was set to grant access to “everyone,” exposing the information to HSIN’s tens of thousands of users. The unauthorized users who had access included US government workers focused on fields unrelated to intelligence or law enforcement such as disaster response, as well as private sector contractors and foreign government staff with access to HSIN.
“DHS advertises HSIN as secure and says the information it holds is sensitive, critical national security information,” says Spencer Reynolds, an attorney for the Brennan Center for Justice who obtained the memo via FOIA and shared it with WIRED. “But this incident raises questions about how seriously they take information security. Thousands and thousands of users gained access to information they were never supposed to have.”
HSIN-Intel’s data includes everything from law enforcement leads and tips to reports on foreign hacking and disinformation campaigns, to analysis of domestic protest movements. The memo about the HSIN-Intel breach specifically mentions, for instance, a report discussing “protests relating to a police training facility in Atlanta”—likely the Stop Cop City protests opposing the creation of the Atlanta Public Safety Training Center—noting that it focused on “media praising actions like throwing stones, fireworks and Molotov cocktails at police.”
In total, according to the memo about the DHS internal inquiry, 439 I&A “products” on the HSIN-Intel portion of the platform were improperly accessed 1,525 times. Of those unauthorized access instances, the report found that 518 were by private sector users and another 46 were by non-US citizens. The instances of foreign user accesses were “almost entirely” focused on cybersecurity information, the report notes, and 39 percent of all the improperly accessed intelligence products involved cybersecurity, such as foreign state-sponsored hacker groups and foreign targeting of government IT systems. The memo also noted that some of the unauthorized US users who viewed the information would have been eligible to access the restricted information if they’d asked to be considered for authorization.
“When this coding error was discovered, I&A immediately fixed the problem and investigated any potential harm,” a DHS spokesperson told WIRED in a statement. “Following an extensive review, multiple oversight bodies determined there was no impactful or serious security breach. DHS takes all security and privacy measures seriously and is committed to ensuring its intelligence is shared with federal, state, local, tribal, territorial, and private sector partners to protect our homeland from the numerous adversarial threats we face.”
The Office of the Director of National Intelligence, which oversees US intelligence agencies, didn’t respond to a request for comment.
Although the exposure occurred under the Biden administration, the memo highlights the risks of surveillance data collected on Americans that persists under the current administration, argues Jeramie Scott, the director of the Surveillance Oversight Program at the Electronic Privacy Information Center, a digital rights nonprofit. In fact, he argues, the relative lack of transparency of the Trump administration and DHS’s hostility to oversight measures suggest that if a similar data breach occurred now, the public might never know. As an example, he points to the effective shuttering of the 150-person DHS oversight arm known as the Office for Civil Rights and Civil Liberties. “If this was occurring then, is this type of thing going to be captured now?” Scott asks. “Everyone should be concerned about the fact that things like this happen, and oversight has only deteriorated since this incident occurred.”
According to the memo about the DHS’s inquiry into its intelligence exposure, the DHS Office of Privacy initially considered the breach to have had “minimal to low impact.” But the author of the memo, whose name has been redacted in the form released under FOIA, determined that the Office of Privacy hadn’t fully considered the personally identifiable information (PII) exposed in the breach, particularly that of Americans, contradicting that “low impact” assessment. The memo recommended as one finding of the inquiry that I&A retrain staff on the definitions of PII.
Two pieces of legislation currently before Congress seek to reform or restrict DHS’s surveillance powers, one called the Strengthening Oversight of DHS Intelligence Act and another that would amend the Intelligence Authorization Act of 2026 to place new restrictions on funding for some DHS domestic surveillance programs. The Brennan Center’s Reynolds notes, however, that the amendments have specific exceptions for DHS’s sharing of intelligence with other government agencies or contractors, so likely wouldn’t affect HSIN-Intel.
The memo about the DHS’s inquiry into the HSIN-Intel data exposure, Reynolds also points out, doesn’t assess the effects of the breach on all of the other organizations whose data was leaked in the incident, or even mention that other agencies’ troves of sensitive data were impacted. “Given the volume of data, it’s highly likely they would have been,” Reynolds says. “This should raise alarm bells for the agencies nationwide who trust the Office of Intelligence and Analysis with their information.”
More broadly, EPIC’s Scott argues that the breach should concern not just the DHS or its partner agencies, but everyone who potentially falls under the DHS’s surveillance remit—in other words, every American. “It affects everyone in the US because of the broadness of the surveillance and intelligence programs that they conduct,” says Scott. “We’re talking about an agency that’s doing domestic intelligence. This implicates all of us.”