8 reported2 unconfirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it did not have a prepared response plan when it learned of a cybersecurity incident in May. According to a postmortem report released Friday, CISA staff had to build a playbook during the early stages of the incident. The incident began after an investigative journalist notified the agency that a contractor had exposed sensitive keys and credentials for accessing U.S. government systems in a public GitHub repository. CISA stated that no customer or mission data was exposed and that it has since improved its channels for security researchers to report potential incidents. The agency has been without a permanent director since January 2025 and has experienced workforce cuts affecting about a third of its staff.
What’s reported
CISA said it did not have a prepared response plan for handling the May cybersecurity incident.
The agency revealed in a postmortem report that staff had to build a playbook during the early stages of the incident.
Independent cybersecurity journalist Brian Krebs reported in May that a security researcher with GitGuardian alerted him to exposed passwords in a public GitHub repository uploaded by a CISA contractor.
Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace the exposed credentials.
CISA said no customer or mission data was exposed in the incident.
CISA said its channels for security researchers to notify the agency were not well defined and have since been improved.
CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025.
The agency has been affected by cuts, furloughs, and layoffs affecting about a third of its workforce since Trump took office.
Open questions
How long the missing playbook delayed CISA’s response.
The specific contractor involved and the exact number of exposed credentials.
Key figures
Brian Krebs, independent cybersecurity journalist
GitGuardian, cyber firm (researcher not named)
CISA (U.S. Cybersecurity and Infrastructure Security Agency)
President Donald Trump
Sources: TechCrunch