Massive CISA credential leak left government systems vulnerable for months

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) suffered a major data leak after a government contractor accidentally uploaded highly sensitive login credentials to a public GitHub repository.

Security firm GitGuardian found the leak in May 2026. The archive - ironically named “Private‑CISA” - contained admin keys for three AWS GovCloud servers and a spreadsheet with passwords for many internal systems.

The mistake happened because the contractor tried to sync work files with a personal device. Experts are calling it one of the most embarrassing and serious security failures for a U.S. government agency.

Read the full story on Gizmodo →