Grafana's data breach stemmed from a GitHub workflow token that failed to be rotated after the TanStack npm supply-chain attack, suggesting security process gaps in credential management during incident response.