How We Got a CISA GitHub Leak Taken Down in Under a Day

On May 14–15, 2026 GitGuardian discovered a public GitHub repository ('Private-CISA') containing 844 MB of sensitive CISA-related material — plaintext secrets, private keys, AWS tokens, Kubernetes manifests, Terraform code, CI/CD logs, and internal backups — and reported it to CERT/CC and CISA; the repository was taken offline within about 26 hours. The exposed files provided a detailed view into cloud infrastructure and operational practices and presented a high-risk data leak, although the blog reports no confirmed active exploitation before takedown.