Sen. Maggie Hassan (D-N.H.) is requesting an "urgent" classified briefing from the acting director of the country's top cyber agency after a recent leak of internal agency credentials was exposed, according to a letter first shared with Axios.Why it matters: This marks the first congressional response to the latest disruption to hit the Cybersecurity and Infrastructure Security Agency in the second Trump administration. Driving the news: Late Monday, independent journalist Brian Krebs reported that security researchers had uncovered an exposed GitHub repository tied to a private contractor that included a vast number of internal credentials for CISA and Department of Homeland Security accounts. That repository also included files, cloud keys, tokens, plaintext passwords, logs and other sensitive agency assets, according to the report. One exposed file had what appeared to be administrative credentials stored in plain text to three Amazon AWS GovCloud accounts, per the report. The repository has since been taken down, so Axios could not independently verify the findings. "This is indeed the worst leak that I've witnessed in my career," Guillaume Valadon, a researcher with the security firm GitGuardian who found the public code repositories, told Krebs.Zoom in: Hassan, a member of the Senate Homeland Security Committee, requested a classified briefing in a letter to acting CISA director Nick Andersen on Tuesday.She requested details on how the exposure happened, what was exposed and what steps the agency has taken to limit the damage. Hassan is also requesting details about which contractor was responsible for the blunder."This reporting raises serious concerns regarding CISA's internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure," Hassan wrote in the letter. What they're saying: CISA did not immediately respond to a request for comment, but a spokesperson told Krebs that "currently, there is no indication that any sensitive data was compromised as a result of this incident." The spokesperson added that the agency is implementing "additional safeguards... to prevent future occurrences." What's next: Hassan has requested the briefing happen before June 5. Go deeper: How Trump 2.0 has shaped and shrunk the top U.S. cyber agency