ทันเอไอ

Global AI & tech news, in your language · every story source-checked

🌐Follow
← Back to news
Tools / Open SourceVerified

US Cyber Agency CISA Admits Lack of Preparedness After Employee Leaked Login Data on GitHub

The US Cybersecurity and Infrastructure Security Agency (CISA) revealed it had to create an emergency response plan *during* an incident after a contractor leaked sensitive government login data publicly on GitHub.

📅 12 Jul 2026, 01:14
US Cyber Agency CISA Admits Lack of Preparedness After Employee Leaked Login Data on GitHub

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) admitted in a post-mortem report that it lacked a pre-prepared playbook for the sensitive cloud data leak incident that occurred last May. This resulted in officials having to "spend time creating [the playbook] during the initial stages of the incident" while simultaneously addressing immediate issues.

The incident began in May when security researchers from GitGuardian discovered a large amount of sensitive information, such as keys and credentials for accessing U.S. government systems, stored in a publicly accessible GitHub repository. This data had been uploaded by an employee of a contractor working for CISA itself. The researchers attempted to directly notify the contractor company but received no response.

The story became public after the researchers informed independent cybersecurity investigative journalist Brian Krebs. Krebs then contacted CISA directly. Only after being contacted by the journalist did CISA act, taking the repository offline and immediately revoking or changing all leaked sensitive data.

Interestingly, CISA has for years advocated for and urged various public and private organizations to create playbooks for responding to different types of cyber incidents. However, in its latest report, the agency itself admitted it "missed creating a GitHub/Cloud playbook beforehand" specifically for this type of situation. Nevertheless, CISA stated that its post-incident review found no evidence that malicious actors had used the leaked data, and no customer data or other sensitive information was affected.

Why it matters
This incident is a critical reminder that even national agencies responsible for cybersecurity can have process vulnerabilities. It underscores the importance of having pre-prepared incident response plans for all scenarios, rather than creating them only after a problem occurs.
#CISA#ความมั่นคงปลอดภัยไซเบอร์#GitHub#ข้อมูลรั่วไหล

Related news

เครื่องมือ/โอเพนซอร์ส
เจอกระแสต้านหนัก Meta ถอนฟีเจอร์ AI สร้างภาพจากบัญชี Instagram สาธารณะ หลังเปิดตัวไม่กี่วัน
เครื่องมือ/โอเพนซอร์ส
Reverse Centaur: แนวคิดใหม่ไขปริศนา ทำไมประสบการณ์ใช้ AI ถึงต่างกันสุดขั้ว
เครื่องมือ/โอเพนซอร์ส
"AI 2040" แผนชะลอ Superintelligence ถึงปี 2040 ถูกวิจารณ์โดย George Hotz ว่าเป็นแค่ "ลัทธิบูชาสติปัญญา"
เครื่องมือ/โอเพนซอร์ส
งานวิจัยเคมบริดจ์เผย โบโกฮะรอมตั้งหน่วย AI เฉพาะกิจ ใช้ ChatGPT-Gemini วางแผนโจมตี-สร้างอาวุธ