Top Democratic lawmakers on the House Homeland Security Committee requested a briefing from CISA acting Director Nick Andersen after reports of a contractor-linked leak of internal agency credentials. Independent reporting said researchers found a publicly accessible GitHub repository connected to contractor Nightwing that allegedly exposed sensitive access information tied to systems used by CISA and the Department of Homeland Security. The repository, labeled “Private CISA,” reportedly contained authentication credentials, AWS GovCloud information, and other sensitive data, and was later removed from public view. Lawmakers demanded details on how the lapse occurred, potential security consequences, remediation and corrective actions involving contractor personnel, and monitoring efforts to prevent recurrence. A separate letter to Andersen was also sent by Sen. Maggie Hassan.
"We demand a briefing as soon as possible on how this serious security lapse occurred, any potential security consequences, remediation activities, corrective actions related to the contractor personnel involved, and efforts to monitor for and prevent similar activity from occurring in the future, wrote Rep. Bennie Thompson of Mississippi, the committee's ranking member, and Rep. Delia Ramirez of Illinois, the ranking member of the panel's cyber subcommittee, in a Tuesday letter shared with Nextgov/FCW."
"The materials, stored in a repository labeled "Private CISA," reportedly included items like authentication credentials, AWS GovCloud information and other sensitive data. The repository was later removed from public view. Nextgov/FCW has not independently verified its contents."
""Security researchers said the content openly available online included information on 'how CISA builds, tests and deploys software internally,' and they described it as 'one of the most egregious government data leaks in recent history.' We agree," said the letter, referring to the contents of Krebs' reporting."
"A Nightwing spokesperson referred inquiries to CISA, which did not immediately respond to a request for comment. A separate letter to Andersen was sent by Sen. Maggie Hassan, D-N.H., Axios reported Tuesday."
Read at Nextgov.com
Unable to calculate read time
Collection
[
|
...
]