Sen. Maggie Hassan, D-N.H., is pressing the Cybersecurity and Infrastructure Security Agency (CISA) for answers about the reported exposure of agency accounts and passwords on a public database.
In a May 19 letter to acting CISA Director Nick Andersen, Hassan requested a classified briefing about the incident by June 5.
“This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches,” Hassan wrote in her request.
Independent journalist Brian Krebs first reported the incident. According to his reporting, security researchers uncovered a public GitHub repository that exposed internal credentials for CISA and Department of Homeland Security (DHS) accounts.
According to the report, one of the files included the administrative credentials to three Amazon AWS GovCloud accounts. Other exposed assets reportedly included cloud access keys, authentication tokens, plaintext passwords, and system logs.
An employee of government contractor Nightwing allegedly maintained the GitHub account.
Guillaume Valadon, a researcher with the security firm GitGuardian, found the public repository.
“This is indeed the worst leak that I’ve witnessed in my career,” Valadon told Krebs.
The repository was removed after Krebs and cybersecurity firm Seralys notified CISA of the exposure.
In a statement to MeriTalk, CISA said it is continuing to investigate the reported exposure.
“Currently, there is no indication that agency mission data was compromised,” a CISA spokesperson told MeriTalk. “Any sensitive or Personally Identifiable Information (PII) exposed was that of the contractor.”
“We hold our team members to the highest standards of integrity and operational awareness and are working to ensure additional safeguards are implemented to prevent future occurrences,” the spokesperson added.
Hassan said CISA’s statement “leaves unanswered questions about the policies and procedures that made it possible for this incident to reportedly occur in the first place.”
The senator noted that the incident “occurred against the backdrop of major disruptions internally at CISA.” She pointed to reports that CISA lost over a third of its workforce in 2025.
This year, CISA has seen a “continued flow of people out the door,” Andersen told Congress in March. This is due in part to the effects of the historic 76-day DHS shutdown.