House Homeland Dems request CISA briefing amid report of leaked agency credentials

Ranking member Rep. Bennie Thompson (D-MS) speaks during a House Homeland Security Committee hearing on Capitol Hill on March 25, 2026 in Washington, DC.

Ranking member Rep. Bennie Thompson (D-MS) speaks during a House Homeland Security Committee hearing on Capitol Hill on March 25, 2026 in Washington, DC. Andrew Harnik/Getty Images

Featured eBooks
Health Tech
Read Now

CDM

Read Now

Future-Ready Workforce

Read Now
Insights & Reports
Overcoming eDiscovery Challenges for Government Agencies
Presented By Casepoint
Download Now
See More. Solve Faster. Deliver Better Care.
Presented By Riverbed
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

Independent journalist Brian Krebs reported Monday that researchers found a publicly accessible GitHub repository connected to a government contractor that exposed CISA data.

Top Democratic lawmakers on the House Homeland Security Committee have requested a briefing from Cybersecurity and Infrastructure Security Agency acting Director Nick Andersen following reports of a contractor-linked leak of internal agency credentials.

Independent journalist Brian Krebs reported Monday that researchers identified a publicly accessible GitHub repository connected to government contractor Nightwing that allegedly exposed a broad collection of sensitive access information tied to systems used by CISA and its parent agency, the Department of Homeland Security.

“We demand a briefing as soon as possible on how this serious security lapse occurred, any potential security consequences, remediation activities, corrective actions related to the contractor personnel involved, and efforts to monitor for and prevent similar activity from occurring in the future,” wrote Rep. Bennie Thompson of Mississippi, the committee’s ranking member, and Rep. Delia Ramirez of Illinois, the ranking member of the panel’s cyber subcommittee, in a Tuesday letter shared with Nextgov/FCW.

The materials, stored in a repository labeled “Private CISA,” reportedly included items like authentication credentials, AWS GovCloud information and other sensitive data. The repository was later removed from public view. Nextgov/FCW has not independently verified its contents.

“Security researchers said the content openly available online included information on ‘how CISA builds, tests and deploys software internally,’ and they described it as ‘one of the most egregious government data leaks in recent history.’ We agree,” said the letter, referring to the contents of Krebs' reporting.

A Nightwing spokesperson referred inquiries to CISA, which did not immediately respond to a request for comment. A separate letter to Andersen was sent by Sen. Maggie Hassan, D-N.H., Axios reported Tuesday.

CISA has undergone significant workforce cuts in the last year, which Thompson and Ramirez say may have contributed to the incident. They worry that “a substantially reduced workforce, coupled with the administration’s indifference to security, created the conditions that allowed such a significant security lapse to occur. Moreover, we are concerned that the incident undermines CISA’s credibility.”

NEXT STORY: Telecom firms form new cyber information-sharing group