FBI declares surveillance network breach a "major incident" amid mounting national security concerns
- Marijan Hassan - Tech Journalist
The Federal Bureau of Investigation has formally classified a sophisticated breach of its internal surveillance systems as a "major incident" under federal law, a designation signaling that the intrusion poses a significant risk to U.S. national security.

The breach, first detected on February 17, 2026, targeted the bureau’s Digital Collection System Network (DCSNet), specifically the DCS-3000 system, also known as "Red Hook." This infrastructure is used to manage court-authorized wiretaps and process "pen register" and "trap-and-trace" data: metadata that reveals who targets are calling and messaging, though it reportedly does not include the audio content of conversations.
Sophisticated "Supply Chain" attack
According to notices sent to Congress under the Federal Information Security Modernization Act (FISMA), the attackers did not breach the FBI’s perimeter directly. Instead, they leveraged a "supply chain" vulnerability by compromising a commercial Internet Service Provider (ISP) used by the bureau.
While the FBI hasn't officially named a culprit, investigators are focusing on Salt Typhoon, a threat actor linked to China’s Ministry of State Security.
The compromised data includes phone numbers, call metadata, and personally identifiable information of subjects under active FBI investigation.
Suspicious activity was first flagged by analysts at the FBI’s Virgin Islands office after they noticed abnormal log activity.
National security implications
By labeling the event a "major incident," the FBI is required to notify Congress within seven days and coordinate a response with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
Experts warn that if foreign intelligence services accessed these target lists, they could identify which of their own assets or undercover operatives are currently being monitored by U.S. law enforcement. This breach follows a string of high-profile cyber incidents, including a separate Iran-linked compromise of FBI Director Kash Patel's personal email account earlier this year.









