U.S. federal cyber ecurity agency CISA aid it did not have a prepared re pon e plan for how it hould handle a cyber ecurity incident in May, after an inve tigative reporter notified the agency that a contractor had publicly expo ed en itive key and credential for acce ing U.S. government y tem .
CISA, the Homeland Security unit ta ked with defending federal network and helping to afeguard critical infra tructure, revealed Friday in a po tmortem report that it taff “had to pend time building [a playbook] during the early tage of the incident.” The agency aid it i important to prepare playbook for “all anticipated need ” to en ure that organization are ready to re pond in the event of a ecurity incident rather than crambling to improvi e one in real time.
The agency did not ay how long the mi ing playbook delayed CISA’ re pon e, and a poke per on did not immediately re pond to TechCrunch’ reque t for comment.
Independent cyber ecurity journali t Brian Kreb reported in May that a ecurity re earcher with cyber firm GitGuardian alerted him to ream of expo ed pa word tored in a publicly acce ible GitHub repo itory, which an employee of a CISA contractor had uploaded.
According to Kreb , the re earcher tried to alert the contractor but didn’t hear back. Only after Kreb contacted CISA did the agency take the repo itory offline and revoke and replace all of the expo ed credential to prevent any potential future abu e.
CISA aid that no cu tomer or mi ion data wa expo ed in the incident and thanked the re earcher and reporter for their help. The agency aid that it channel for allowing ecurity re earcher to notify CISA of potential incident “were not well defined,” and that it ha made change to make it ea ier and fa ter for re earcher to contact the agency.
CISA ha been without a permanent director ince the tart of Pre ident Donald Trump’ econd term in January 2025. The agency ha al o been affected by cut , furlough , and layoff affecting about a third of it workforce ince Trump took office.
When you purcha e through link in our article , we may earn a mall commi ion. Thi doe n’t affect our editorial independence.
Zack Whittaker i the ecurity editor at TechCrunch. He al o author the weekly cyber ecurity new letter, thi week in ecurity.
He can be reached via encrypted me age at zackwhittaker.1337 on Signal. You can al o contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.
La t chance to ave up to $190 on TechCrunch Founder Summit. Join 1,000+ founder and VC at all tage for real-world caling in ight and connection that move the needle.Saving end June 26, 11:59 p.m. PT.
Reed Job would rather talk about curing cancer than hi la t name
Apple ue OpenAI over alleged trade ecret theft
Elon Mu k prai e Mytho /Fable, promi e not to ‘cut off’ Anthropic
In tagram u er : Here’ how to top Meta’ AI from u ing your photo
Fed demand autonomou vehicle companie top interfering with fir t re ponder
Meta ju t launched a new AI generator, Mu e Image, and u er are already pu hing back over u e of their photo

