Grafana suffered a secondary breach caused by an IR execution failure: a GitHub workflow token exposed during the TanStack/Shai-Hulud supply chain attack was not rotated, allowing TeamPCP to re-access private GitHub repositories containing Grafana source code and business contact data. No customer production systems were confirmed compromised, but the incident is a direct case study in how procedural gaps during incident response extend attacker dwell time beyond the initial compromise window.