Massive intelligence breach raises alarms over US domestic surveillance security

A recent data leak at the US Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A) has exposed sensitive surveillance information to thousands of unauthorized users, raising serious concerns about the security of domestic intelligence data.

An internal memo obtained through a Freedom of Information Act (FOIA) request, shared with WIRED, revealed that between March and May 2023, a misconfiguration on the Homeland Security Information Network’s intelligence section (HSIN-Intel) allowed tens of thousands of users—including private contractors, unrelated government workers, and foreign nationals—to access restricted intelligence data, Wired reports.

The memo states that access to HSIN-Intel was supposed to be limited, but instead, the platform granted broad access to “everyone,” exposing 439 intelligence “products” 1,525 times. Of these unauthorized accesses, 518 involved private sector users, and 46 were non-US citizens, mostly accessing cybersecurity-related data on foreign hacking and state-sponsored cyber threats.

“DHS advertises HSIN as secure and says the information it holds is sensitive, critical national security information,” said Spencer Reynolds, attorney for the Brennan Center for Justice. “But this incident raises questions about how seriously they take information security. Thousands and thousands of users gained access to information they were never supposed to have.”

The breach exposed reports on topics ranging from foreign disinformation campaigns to domestic protests, including a report on the “Stop Cop City” demonstrations in Atlanta.

A DHS spokesperson responded, stating, “When this coding error was discovered, I&A immediately fixed the problem and investigated any potential harm...multiple oversight bodies determined there was no impactful or serious security breach.”

However, privacy advocates remain concerned. Jeramie Scott of the Electronic Privacy Information Center noted, “If this was occurring then, is this type of thing going to be captured now? Everyone should be concerned about the fact that things like this happen, and oversight has only deteriorated since this incident occurred.”

The memo also criticized DHS’s Office of Privacy for underestimating the breach’s impact, particularly regarding the exposure of personally identifiable information (PII) of Americans, and recommended staff retraining.

Current congressional efforts seek to reform DHS surveillance, but concerns about transparency and oversight persist. Reynolds warns, “Given the volume of data, it’s highly likely [other agencies’ data] would have been impacted... This should raise alarm bells for the agencies nationwide who trust the Office of Intelligence and Analysis with their information.”

By Vafa Guliyeva