The security failure emerged after journalist Brian Krebs received a tip from a researcher at GitGuardian regarding a massive cache of passwords uploaded by a CISA contractor. While the researcher initially attempted to contact the vendor directly without success, the repository remained accessible until Krebs flagged the issue to the agency. CISA eventually took the files offline and rotated the compromised credentials, confirming that no mission-critical data was actually exfiltrated during the exposure.
CISA admits to building incident response on the fly
When a contractor left sensitive U.S. government credentials exposed in a public GitHub repository this May, the Cybersecurity and Infrastructure Security Agency found itself without a survival guide. CISA officials admitted they were forced to draft an incident response playbook while the breach was already unfolding in real time.

In a post-mortem report released Friday, the agency acknowledged that its notification channels for outside researchers were poorly defined at the time of the incident. This lack of procedural clarity coincided with significant internal instability at the agency, which has operated without a permanent director since January 2025. Facing budget cuts and layoffs that have reduced its workforce by approximately one-third under the current administration, CISA is now attempting to formalize its response protocols to avoid similar improvisations during future security threats.




Comments (0)
No comments yet. Be the first!