CISA Security Leak - Schneier on Security
CISA contractor exposed credentials to AWS GovCloud and internal systems via public GitHub repository.
Summary
A CISA contractor maintained a public GitHub repository exposing credentials for privileged AWS GovCloud accounts and internal CISA systems. The exposed archive included details on CISA's internal software development processes, representing a significant government data leak.
Full text
CISA Security Leak Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. News article. Tags: cybersecurity, data breaches, keys, leaks Posted on May 22, 2026 at 9:58 AM • 7 Comments