TeamPCP was able to breach GitHub's private source code after a staff member inadvertently installed a harmful coding tool.