CISA Admitted to Improvising Response After Contractor Leaked Credentials

AI-generated image · US National Wire
The federal agency tasked with national cyber defense lacked a prepared playbook when sensitive government access keys were exposed on GitHub.
The Cybersecurity and Infrastructure Security Agency (CISA) revealed in a postmortem report that it lacked a prepared response plan for a security incident occurring in May, according to TechCrunch. The agency admitted its staff had to build a response playbook during the early stages of the event, rather than having one ready for implementation.
As reported by TechCrunch, the incident began when a security researcher from the firm GitGuardian discovered a publicly accessible GitHub repository containing sensitive keys and credentials for U.S. government systems. The repository had been uploaded by an employee of a CISA contractor, which TechCrunch's report does not name. Independent journalist Brian Krebs reported that the researcher initially attempted to alert the contractor without success. CISA only took the repository offline and replaced the exposed credentials after Krebs contacted the agency.
CISA stated that no mission or customer data was exposed, though the agency acknowledged its notification channels for security researchers were previously ill-defined.
The admission comes as CISA has been without a permanent director since President Donald Trump's second term began in January 2025. TechCrunch reports that since Trump took office, the agency has been impacted by layoffs, furloughs, and cuts affecting approximately one-third of its workforce.

