On February 17, 2026, the FBI began investigating abnormal activity in an unclassified system — DCS-3000 (known as Red Hook), part of its Digital Collection System Network (DCSNet) — used to manage court-authorized wiretaps, pen registers, and trap-and-trace surveillance operations. By March 4, the FBI formally notified lawmakers and labeled it a ‘major cyber incident’ under federal data security law. The breach was localized to FBI systems in the US Virgin Islands. The suspected intruders are China-linked (attributed with medium confidence to Salt Typhoon or related PRC actors by multiple reports). Attackers accessed PII of individuals under active FBI investigation and potentially the identities of surveillance targets, including wiretap subjects — a significant counterintelligence risk. Access was gained by exploiting a commercial ISP vendor’s infrastructure, consistent with prior Salt Typhoon telecom supply chain TTPs.