Contractor-linked GitHub leak exposes CISA, DHS credentials

A "Private CISA" repository connected to contractor Nightwing sat publicly accessible long enough that Hill Democrats are now demanding a briefing on remediation and contractor accountability.


Editorial brief

Researcher Brian Krebs reported Monday that a GitHub repository labeled "Private CISA," linked to government contractor Nightwing, publicly exposed authentication credentials, AWS GovCloud data, and internal CISA/DHS build-and-deploy documentation. The repository has since been removed. House Homeland Security ranking member Rep. Bennie Thompson and cyber subcommittee ranking member Rep. Delia Ramirez sent a Tuesday letter to acting CISA Director Nick Andersen demanding a briefing on the breach's scope, remediation steps, and corrective actions against contractor personnel. A separate letter came from Sen. Maggie Hassan. Nightwing referred questions to CISA; CISA declined to comment on congressional correspondence. Thompson and Ramirez also flagged CISA's recent workforce reductions as a potential contributing factor. Government Executive and Nextgov/FCW have not independently verified the repository's contents.

What was exposed

A GitHub repository labeled "Private CISA," attributed by independent journalist Brian Krebs to contractor Nightwing, reportedly contained authentication credentials, AWS GovCloud configuration data, and documentation describing how CISA internally builds, tests, and deploys software. Security researchers cited in Krebs's reporting called it "one of the most egregious government data leaks in recent history." The repository is no longer publicly accessible; neither Government Executive nor Nextgov/FCW independently confirmed its contents before removal.

The Hill's ask

House Homeland Security Committee ranking members Thompson and Ramirez want a briefing from acting Director Nick Andersen covering: how the leak occurred, what the security consequences are, what remediation is underway, and what corrective actions are being taken specifically against contractor personnel involved. Sen. Maggie Hassan sent a parallel letter. CISA's response (that it does not comment on congressional correspondence but replies to members directly) is standard practice and says nothing about the underlying facts. Nightwing has directed all inquiries to CISA.

The workforce angle

Thompson and Ramirez explicitly tied the incident to CISA's recent workforce reductions, arguing that a "substantially reduced workforce, coupled with the administration's indifference to security, created the conditions" for the lapse. That framing is a political claim, not a proven causal link, and CISA has not responded to it. Whether the staffing cuts materially degraded contractor oversight capacity is exactly what a briefing would need to address. The gap between the allegation and any confirmed chain of custody here is still wide.

Contractor accountability

The operative question for compliance professionals is narrower than the politics: what was Nightwing's obligation under its contract to prevent sensitive CISA-labeled materials from sitting in a public repository, and who was monitoring for exactly this kind of exposure? The letters ask about "corrective actions related to the contractor personnel involved," which suggests Congress believes the failure was attributable to specific individuals or oversight breakdowns, not just a misconfigured access control. Until CISA provides the briefing, the public record rests on a single reporter's findings and a repository that has since been scrubbed.


Deep Fathom