CISA tries to contain data leak
speckx
175 points
46 comments
May 22, 2026
Discussion Highlights (11 comments)
m3047
CISA said “there is no indication that any sensitive data was compromised as a result of the incident.” Oh wow. Except for those secrets.
fragmede
> “Ultimately, this is a thing you can’t solve with a technical control,” Boileau said on this week’s podcast. “This is a human problem where you’ve hired a contractor to do this work and they have decided of their own volition to use GitHub to synchronize content from a work machine to a home machine. I don’t know what technical controls you could put in place given that this is being done presumably outside of anything CISA managed or even had visibility on.”

More competent technical control means a random contractor doesn't have passwords from mid-2025 to copy to their home machine that even still work after 30 days, if not 5.
niwtsol
What an egregious mistake. "exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository" - isn't it git 101 to not put creds in git? What pattern do they think this is consistent with?
Cider9986
Maybe Massie was right when he didn't want to fund CISA.
imglorp
It's almost like gutting the agency of experts diminishes their opsec capacity among many others.
In 2020 Chris Krebs contradicted stolen election claims. In 2025, Trump sacked Krebs and revoked his clearance, leaving CISA without a director. https://en.wikipedia.org/wiki/Chris_Krebs
In March 2025, the cuts began. https://techcrunch.com/2025/03/11/doge-axes-cisa-red-team-st...
In 2026, it was still without a director and running on fumes. https://techcrunch.com/2026/02/25/us-cybersecurity-agency-ci...
This activity is consistent with intentionally weakening a country's defenses from within and sowing chaos.
0x59
Reminds me of the enshittification of public transit. Reduce funding, service level decreases, negative sentiment follows. Eventually, paths like that may lead to increased privatization through security contractors.
0xbadcafebee
> CISA, which lost more than a third of its workforce and almost all of its senior leaders after the Trump administration forced a series of early retirements, buyouts, and resignations across the agency’s various divisions
fhn
Lawmakers want answers but they never provide answers themselves. Who watches the so-called watchers? Corruption on a massive scale by lawmakers but when a key gets published, heads will roll? Keys are mistakenly published all the time by very smart people. Ever run rm -rf *? Ever destroy a production db? Ever power off the wrong server? Yes.
omgJustTest
Seems senators had questions about why CISA was scaling back efforts related to election security[1]. Tulsi's resignation today seems interestingly timed to when this became public. [1] https://www.padilla.senate.gov/newsroom/press-releases/padil...
bandrami
I remember when they leaked a million SF-86s. You know, the form we fill out with a ton of highly personal information so they can decide if we can be trusted with sensitive data.
pianopatrick
If these guys who are supposed to be the experts cannot really be secure on the internet, I'm not sure how anyone else is supposed to be secure on the internet.