A public GitHub repository named "Private-CISA" created by an outside contractor exposed approximately 844 MB of sensitive data belonging to the U.S. Cybersecurity and Infrastructure Security Agency, including plain-text passwords stored in a CSV file, AWS GovCloud tokens, and Entra ID SAML certificates. GitGuardian discovered the repository on May 14, 2026; it had been public since November 2025, and some of the exposed credentials were still valid at the time of discovery. CISA took the repository offline within roughly 26 hours of notification and stated there is no current indication that sensitive data was compromised. The exposure is being reported as one of the most significant credential leaks observed against a U.S. federal cybersecurity agency, and underscores the risk of unmanaged contractor repositories on public GitHub. No GitHub platform vulnerability is implicated; the incident concerns sensitive data published to GitHub by a CISA contractor.
// Alert
GitHub threat report
// GitHubHIGH
// Get alerts for GitHub