Lawmakers Demand Answers as CISA Tries to Contain Data Leak

**CISA credential leak:** A CISA contractor published plaintext credentials and an RSA private key in a public GitHub repository called `Private-CISA`, exposing AWS GovCloud tokens and other internal secrets; the exposed key could grant broad access to CISA’s GitHub organization and CI/CD pipelines. CISA reported it is responding and rotating credentials, but remediation remained incomplete, prompting congressional inquiries and concerns about potential adversary access.