CISA Data Leak Prompts Congressional Investigation Demands
Original: CISA tries to contain data leak
Why This Matters
Major security breach at the agency responsible for U.S. cybersecurity oversight
U.S. lawmakers demand answers from CISA after a contractor published AWS GovCloud keys and internal secrets on public GitHub. The May 2026 breach exposed credentials to dozens of systems, with the repository active since November 2025.
Congressional leaders are demanding explanations from the Cybersecurity & Infrastructure Security Agency after KrebsOnSecurity revealed that a CISA contractor intentionally published sensitive credentials on GitHub. The 'Private-CISA' repository contained plaintext AWS GovCloud keys and credentials for dozens of internal systems. Security firm GitGuardian first notified CISA of the breach. Senator Maggie Hassan and Rep. Bennie Thompson sent letters questioning CISA's security procedures, noting that the incident occurred as the agency lost over a third of its workforce under Trump administration changes. The repository was created in November 2025 and used as a working scratchpad. CISA claims no sensitive data was compromised, but experts say the exposed credentials provided adversaries with a roadmap to federal networks. More than a week after notification, CISA is still working to invalidate the exposed keys and secrets.