Lawmakers Demand Answers as CISA Tries to Contain Data Leak
7 hours ago
- A CISA contractor deliberately leaked AWS GovCloud keys and sensitive credentials on a public GitHub account, disabling GitHub's security protections.
- Lawmakers, including Senator Maggie Hassan and Representative Bennie Thompson, are questioning CISA's security policies and management of contractors, citing risks from adversaries.
- Despite being notified, CISA took over a week to invalidate some credentials; an exposed RSA key allowed deep access to internal repositories before it was revoked.
- Experts note that attackers likely monitor GitHub for such leaks, and the incident highlights human factors and contractor oversight as key vulnerabilities, not just technical controls.