A contractor exposed 844 MB of sensitive CISA data, including AWS GovCloud credentials and internal system passwords, in a public GitHub repository for six months. CISA's delayed response and lack of clear reporting channels exacerbated the incident.