Senator Hassan Demands Answers on CISA Data Leak Involving Contractor
Severity: High (Score: 66.0)
Sources: Hassan.Senate, Therecord.Media
Keywords: senator, answers, hassan, presses, cisa, alleged, leak
Summary
U.S. Senator Maggie Hassan has requested an urgent classified briefing from the Cybersecurity and Infrastructure Security Agency (CISA) regarding a significant data leak involving contractor Nightwing. Reports indicate that sensitive agency account credentials and internal operational files were found in a public GitHub repository. The exposed files included AWS administrative credentials and plaintext usernames and passwords for internal systems. This incident raises serious concerns about CISA's internal security policies, especially given the backdrop of ongoing cyber threats to U.S. critical infrastructure. Security experts have labeled this leak as one of the most egregious government data leaks in recent history. CISA has stated there is no indication that sensitive data was compromised, but questions remain about the security measures that allowed this incident to occur. The agency is under pressure to clarify its internal procedures and the implications of this breach.
Key Points:
- A contractor for CISA reportedly leaked sensitive agency credentials on a public GitHub repository.
- Files included AWS administrative credentials and plaintext passwords for multiple internal systems.
- Senator Hassan has called for a classified briefing to address security policy concerns at CISA.
Detailed Analysis
**Impact** The data leak involves the Cybersecurity and Infrastructure Security Agency (CISA) and a government contractor named Nightwing. Sensitive information exposed includes lists of agency accounts and passwords, administrative credentials to three Amazon Web Services (AWS) servers, and plaintext usernames and passwords for multiple internal systems. The leak potentially affects U.S. critical infrastructure sectors, given CISA’s role, and occurs amid significant internal disruptions at CISA, including the loss of over a third of its workforce in 2025. The scope of the leak could impact national cybersecurity operations and infrastructure defense.
**Technical Details** The incident involved a contractor maintaining sensitive CISA data on a public database, reportedly a GitHub repository. Exposed files included a folder named “Private-CISA” containing internal software build, test, and deployment details, AWS administrative tokens, and plaintext passwords. No specific attack vector, malware, CVEs, or kill chain stages were identified in the reporting. Indicators of compromise (IOCs) such as repository names or hashes were not provided.
**Recommended Response** Immediate actions should include revoking and rotating all exposed credentials, especially AWS tokens and internal system passwords. CISA and contractors must audit and secure code repositories and public-facing databases to prevent unauthorized access. Implement strict access controls and enforce credential management policies for contractors. Monitor for suspicious activity related to compromised accounts and review internal policies to prevent similar data exposures.
Source articles (2)
- Senator presses CISA for answers about alleged GitHub repository leak — Therecord.Media · 2026-05-20
  U.S. Senator Maggie Hassan (D-NH) sent a letter to the acting director of the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday demanding answers about an alleged breach uncovered by cybers…
- Senator Hassan Presses for Answers on Major Reported Data Leak at Leading ... — Hassan.Senate · 2026-05-19
  Hassan: “This reported incident raises serious questions how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches” WASHINGTON – U.S. Senator Maggie Hassa…
Timeline
- 2026-05-19 — Senator Hassan requests briefing from CISA: Senator Hassan sent a letter demanding answers about a data leak involving contractor Nightwing, highlighting serious security lapses.
- 2026-05-20 — Article published detailing the incident: The Record reported on Senator Hassan's letter and the implications of the data leak involving CISA contractor Nightwing.
Related entities
- Data Breach (Attack Type)
- Cybersecurity and Infrastructure Security Agency (Company)
- Nightwing (Company)
- AWS (Company)
- CWE-200 - Exposure of Sensitive Information (CWE)
- Manufacturing (Industry)