HN
Today

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is under fire after a contractor inadvertently exposed critical AWS GovCloud keys and agency secrets on a public GitHub repository. This stunning security lapse, despite CISA's mission to protect U.S. infrastructure, has prompted urgent inquiries from lawmakers and raised serious questions about internal protocols. It highlights a critical "human problem" in cybersecurity: preventing individuals from bypassing security measures when handling sensitive data.

5
Score
1
Comments
#11
Highest Rank
2h
on Front Page
First Seen
May 22, 6:00 PM
Last Seen
May 22, 7:00 PM
Rank Over Time
2211

The Lowdown

The U.S. Cybersecurity & Infrastructure Security Agency (CISA), an organization responsible for protecting national infrastructure from cyber threats, finds itself in hot water following a significant data leak. A contractor with administrative access to CISA's systems publicly posted AWS GovCloud keys and a trove of other agency secrets on a personal GitHub account, leading to demands for answers from concerned lawmakers. This incident underscores the inherent challenges in enforcing cybersecurity protocols, even within agencies dedicated to the field.

  • The Leak: A CISA contractor established a public GitHub repository named "Private-CISA," exposing plaintext credentials to numerous internal CISA systems, including AWS GovCloud keys. The contractor reportedly disabled GitHub's built-in protections against publishing sensitive credentials.
  • Duration and Impact: The repository was active since November 2025. Despite CISA's initial claims of no sensitive data compromise, security experts, including Dylan Ayrey of TruffleHog, confirmed the leak exposed critical access, such as an RSA private key granting full control over CISA's GitHub organization.
  • Lawmaker Scrutiny: Senator Maggie Hassan and Representatives Bennie Thompson and Delia Ramirez have formally demanded explanations from CISA, expressing serious concerns about the agency's internal policies and security culture, especially given recent workforce disruptions.
  • Ongoing Vulnerability: Even after initial notification, CISA reportedly struggled to invalidate all exposed credentials, with some critical keys remaining active for a period. Experts warn that cybercriminals and state-sponsored actors actively monitor public code platforms for such vulnerabilities.
  • Human Factor: Security experts suggest this incident is less a technical failing and more a "human problem," where an individual contractor circumvented security measures by using an unsupervised personal GitHub account for work-related synchronization.

The incident serves as a stark reminder that even top cybersecurity agencies are not immune to human error and policy shortcomings, highlighting the persistent struggle to prevent internal data exposure, especially from contractors operating outside official channels.