ADVERTISEMENT

How the world’s top cyber authority left its door wide open on GitHub: CISA shares lessons from major blunder

CISA promises no customer or mission data was compromised, even though exposed keys remained valid for days.

CISA

Image by jackpress | Shutterstock

Ernestas Naprys
Ernestas Naprys Senior Journalist
Jul 10, 2026 Updated: 1 hour ago 5 min read
Key takeaways:

It took a journalist to get CISA's attention

This is indeed the worst leak that I’ve witnessed in my career.
Valadon wrote in an email to Brian Krebs.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
ADVERTISEMENT
US Cybersecurity and Infrastructure Security Agency
Thomas Fuller/SOPA Images/LightRocket via Getty Images

So what were the actual lessons learned?

No secrets in any repos

github data breach

A direct line for researchers

Tighter controls and replacement-ready keys

Ernestas Naprys
Senior Journalist
ADVERTISEMENT