LOADING...
US cybersecurity agency had no response plan for data breach
CISA is part of the DHS

US cybersecurity agency had no response plan for data breach

Jul 11, 2026
11:05 am

What's the story

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has admitted to not having a pre-prepared response plan for a major cybersecurity incident in May. The admission came after an investigative journalist informed the agency about sensitive keys and credentials for accessing US government systems being exposed by one of its contractors. CISA is part of the Department of Homeland Security and is responsible for protecting federal networks and securing critical infrastructure.

Response delay

CISA admits to not having a pre-prepared response plan

In a postmortem report, CISA revealed that its staff had to create an incident response plan, or "playbook," during the early stages of the cybersecurity breach. The agency emphasized the importance of having playbooks for "all anticipated needs" to ensure organizations are prepared for security incidents. However, it did not specify how long this missing playbook delayed their response to the incident.

Repository exposure

Breach 1st reported by journalist Brian Krebs

The breach was first reported by independent cybersecurity journalist Brian Krebs. He revealed that a security researcher from cyber firm GitGuardian found a trove of exposed passwords in a public GitHub repository uploaded by an employee of a CISA contractor. The researcher tried to contact the contractor but got no response, leading Krebs to alert CISA about the issue.

Advertisement

Agency action

CISA took immediate action after being alerted

Following Krebs's alert, CISA took immediate action by taking down the exposed repository and revoking all exposed credentials to prevent any potential future abuse. However, the agency clarified that no customer or mission data was compromised in this incident. It also thanked the researcher and reporter for their assistance in handling the situation.

Advertisement

Communication issues

CISA's channels for security researchers were not well defined

CISA admitted that its channels for security researchers to report potential incidents "were not well defined." The agency has since made changes to make it easier and faster for these researchers to contact them. This incident comes amid leadership instability at CISA, which has been without a permanent director since President Donald Trump began his second term in January 2025.

Advertisement