DHS network intrusion was twice ruled a false positive before breach confirmed
Win McNamee/Getty Images
ByDavid DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW
July 13, 2026 11:24 AM ET
Suspicious activity on the Homeland Security Information Network, which is being used to support World Cup games around the U.S., was first detected around mid-to-late May.
Department of Homeland Security personnel twice dismissed signs of cyber intruders inside the agency’s Homeland Security Information Network as harmless activity, allowing hackers to remain undetected inside for weeks and eventually steal credential files, according to an internal incident readout viewed by Nextgov/FCW.
HSIN was breached about two months ago, Nextgov/FCWfirst reported in late June. The network houses sensitive, unclassified data that’s shared between federal, state, local, industry and overseas partner organizations.
Department investigators have still not determined the affiliation of the hackers, according to two people with knowledge of an ongoing probe into the incident. DHS may send staff to...
Copyright of this story solely belongs to nextgov.com. To see the full text click HERE