Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers are pressing the U.S. Cybersecurity & Infrastructure Security Agency (CISA) for answers following a significant data leak involving AWS GovCloud keys. A contractor reportedly published sensitive agency secrets on a public GitHub account, raising concerns about CISA's internal security protocols. The agency is currently working to contain the breach and invalidate the exposed credentials while facing scrutiny from Congress.
- ▪A CISA contractor published AWS GovCloud keys and other sensitive information on a public GitHub account.
- ▪Lawmakers are demanding answers regarding the breach and the agency's internal security measures.
- ▪CISA is still working to invalidate the leaked credentials and has acknowledged the incident.
Opening excerpt (first ~120 words) tap to expand
May 22, 2026 0 Comments Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials. On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development platform had created a public GitHub profile called “Private-CISA” that included plaintext credentials to dozens of internal CISA systems.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Krebsonsecurity.
Discussion
0 commentsMore from Krebsonsecurity
