CISAがデータ漏洩の封じ込めに奔走、議員らが説明を要求
米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA)の契約社員が、政府用クラウド「AWS GovCloud」の認証情報や膨大な内部秘密情報を公開GitHubアカウントに意図的に公開した問題で、上下両院の議員が説明を求めている。CISAは依然として漏洩の封じ込めと認証情報の無効化に追われている。
関連記事
Lawmakers are demanding answers from CISA as the agency works to contain a data leak. The incident has raised concerns over the security of sensitive information held by the cybersecurity agency, prompting calls for transparency and accountability from Congress.
GitGuardian discovered a critical GitHub leak exposing CISA's internal infrastructure, including hardcoded credentials and API keys. Within 26 hours of reporting, the leak was fully removed, highlighting both the prevalence of secret exposure in repositories and the effectiveness of rapid coordinated response between security researchers and government agencies.