Red Hat Confirms Major Data Breach Affecting High-Profile Organizations

Data from Red Hat's consulting team has been breached, and high-profile organizations may be at risk. Customers should rotate credentials and monitor for anomalies.


Red Hat has confirmed a data breach involving a specific GitLab environment used by its consulting team. The unauthorized access, detected by Red Hat, resulted in over 570GB of data being exfiltrated by the Crimson Collective extortion group. The Centre for Cybersecurity Belgium has issued a warning, advising Red Hat customers to take necessary precautions.

The compromised repositories reference major organizations such as banks, telecoms firms, airlines, and even the US Senate. Upon detection, Red Hat launched an investigation, removed unauthorized access, isolated the instance, and contacted authorities. The Crimson Collective claims to have exfiltrated data from over 28,000 internal repositories, including authentication tokens and full database URIs.

The organizations potentially affected by the breach could include businesses and institutions reliant on Red Hat’s consulting services, such as government agencies, financial institutions, and large enterprises that use Red Hat solutions. However, specific details about affected organizations are not provided. Red Hat stated that sensitive personal data was not typically housed in this GitLab instance, and there's no indication it was accessed. Red Hat has implemented additional hardening measures to prevent further access and contain the issue. The compromised GitLab instance housed consulting engagement data, including project specifications, example code snippets, and internal communications.

The incident has not affected other Red Hat services or products, or its software supply chain, including official software downloads. Red Hat urges customers to revoke and rotate credentials, assess potential exposure, and monitor for anomalies. Further details about the breach and affected organizations may emerge as investigations continue.
