Logo
News Ababil
Explore
SYS_NODE: ONLINE // Cyber Security

Congress Demands Answers After CISA Data Leak Exposes GovCloud Keys

DECRYPTED BY: Nova Stirling | TIMESTAMP: 2026-05-28 T 03:51:34 Z | [ 2 MIN READ ]
Congress Demands Answers After CISA Data Leak Exposes GovCloud Keys
2 Min Read
Share

Lawmakers on both sides of the aisle are demanding answers after KrebsOnSecurity exposed a massive CISA data leak that revealed AWS GovCloud keys and dozens of internal credentials on a public GitHub repo dubbed “Private‑CISA.”

CISA data leak sparks congressional scrutiny

The breach, first reported on May 18, showed a contractor with admin rights disabling GitHub’s secret‑scanning guardrails and pushing plaintext keys to a public profile. Experts say the repository, created in November 2025, appears to have been used as a personal scratchpad rather than a managed project. “This raises serious concerns about CISA’s internal controls,” wrote Sen. Maggie Hassan (D‑NH) in a May 19 letter to Acting Director Nick Andersen, adding that the agency’s recent pandemic-era staffing cuts—↓ 1/3 of its workforce and the loss of most senior leaders—may have weakened its security culture. Rep. Bennie Thompson (D‑MS) echoed the alarm, warning that adversaries such as China, Russia and Iran could exploit the exposed roadmap to infiltrate federal networks.

“The files provide a clear path for hostile actors to gain persistence on CISA systems,”

the representative said. CISA acknowledged the leak but claimed no sensitive data was compromised, a stance challenged by security researcher Dylan Ayrey of Truffle Security, who found an RSA private key still active weeks after the agency was notified. The key could let an attacker read every repository in the CISA‑IT GitHub organization, hijack CI/CD pipelines and modify admin settings. Ayrey told KrebsOnSecurity that CISA eventually revoked the key but has yet to rotate other critical credentials. In a brief statement, CISA said it is working with vendors to “rotate and render invalid” any leaked secrets. The episode highlights the limits of technical controls; as Risky Business host James Wilson noted, policies can block deliberate disabling of secret scans, yet a contractor can still sidestep oversight by using a personal account. “This is fundamentally a human problem,” co‑host Adam Boileau added. The incident arrives as CISA scrambles to contain the breach, with the agency still tracking the full scope of exposed assets. For further context on the broader implications for national cyber defenses, see Reuters.

Analysis by: Nova Stirling
Aerospace & Space Tech Correspondent
Global Data Feed

More from this Intel

Iran Cyber Threats Expand Beyond Critical Infrastructure: New Risks for Internet‑Facing Firms

Iran Cyber Threats Expand Beyond Critical Infrastructure: New Risks for...

Jul 10, 2026
Microsoft Seals RoguePlanet Defender flaw, Blocking SYSTEM‑Level Exploit

Microsoft Seals RoguePlanet Defender flaw, Blocking SYSTEM‑Level Exploit

Jul 09, 2026
Cyber Resilience Redefined: AI Shrinks Attack Window to 27 Seconds

Cyber Resilience Redefined: AI Shrinks Attack Window to 27 Seconds

Jul 09, 2026
Roundcube Flaw Fuels New Wave of Academic Espionage

Roundcube Flaw Fuels New Wave of Academic Espionage

Jul 08, 2026
KDDI Data Breach Exposes Over 12 Million Credentials – Japan’s Telecom Shock

KDDI Data Breach Exposes Over 12 Million Credentials – Japan’s...

Jul 08, 2026
Google and FBI Crack Down on Massive Botnet Exploiting Everyday Android Devices

Google and FBI Crack Down on Massive Botnet Exploiting Everyday...

Jul 08, 2026

Join The Elite

Get the top 0.1% global intelligence and market insights delivered directly to your inbox before the masses.

We respect your privacy. No spam.