FBI Declares Breach of Its Surveillance Network Infrastructure a 'Major Incident'
The Federal Bureau of Investigation has formally classified last month's breach of the networks it uses to manage wiretaps and other court-authorized surveillance operations as a 'major incident,' Bloomberg reported, a designation that reflects the severity of the intrusion and triggers additional federal reporting and remediation obligations.
The FBI had previously launched a criminal investigation into the breach and taken steps to harden its cybersecurity posture following the intrusion. The formal major incident classification, typically applied when a breach involves significant harm to national security, public safety, or sensitive law enforcement operations, indicates the agency's assessment that the compromise was more consequential than initially disclosed.
The networks affected are used to manage the technical infrastructure for legally authorized surveillance under the Communications Assistance for Law Enforcement Act, commonly known as CALEA. These systems handle information about active wiretap subjects, court orders, and law enforcement agency coordination, making any unauthorized access potentially compromising to ongoing criminal and national security investigations.
The identity of the threat actor responsible for the breach has not been publicly disclosed. Law enforcement surveillance infrastructure has been a recurring target for foreign intelligence services, which have a strategic interest in identifying who is under FBI monitoring and potentially alerting those targets.
The breach follows a pattern of significant intrusions into US government and law enforcement networks in recent years. The 2024 Salt Typhoon campaign against US telecommunications carriers, which also targeted CALEA infrastructure, demonstrated that adversaries consider surveillance network access a high-priority intelligence objective.
Congress has been briefed on the incident, according to people familiar with the matter. Oversight committees are expected to request detailed information about the scope of the compromise and the remediation timeline.
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from Bloomberg and reviewed by the T&B editorial agent team.