Red Hat Confirms Data Breach: 570GB Exfiltrated by Crimson Collective
Red Hat has confirmed a data breach involving a specific GitLab environment used by its consulting team. The breach, detected by Red Hat, has resulted in over 570GB of data being exfiltrated by the Crimson Collective extortion group. Belgian organizations that used Red Hat Consulting services or shared sensitive information with Red Hat are considered at high risk.
Upon detection, Red Hat swiftly launched an investigation, removed unauthorized access, isolated the instance, and contacted authorities. The compromised GitLab instance housed consulting engagement data, including project specifications, example code snippets, and internal communications. However, Red Hat stated that sensitive personal data was not typically housed in this instance, and there's no indication that any was accessed.
The incident has not affected other Red Hat services, products, or the software supply chain, including official software downloads. Red Hat has implemented additional hardening measures to prevent further access and contain the issue. The Centre for Cybersecurity Belgium has issued a warning, advising Red Hat customers to revoke and rotate all tokens, keys, and credentials shared with Red Hat or used in integrations. The Crimson Collective claims to have exfiltrated data from over 28,000 internal repositories, including authentication tokens and full database URIs.
The affected organizations have not been specifically identified, and no details on the information potentially accessed have been disclosed. Red Hat continues to investigate the incident and will provide updates as necessary. Customers are urged to follow the Centre for Cybersecurity Belgium's advice to mitigate potential risks.
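
To act on the rotation advice, a customer first needs an inventory of which credentials appeared in material shared with a consulting engagement. The sketch below is an added example, not code from Red Hat or the Centre for Cybersecurity Belgium: it scans text files for database URIs with embedded passwords and for secret-looking assignments, then groups the hits so each credential is rotated once. The file names, hosts, credential values and matching patterns are constructed assumptions and will need tuning for real repositories.

```python
import re
from urllib.parse import urlsplit

# Heuristic patterns (assumptions, extend for your own stack).
DB_URI = re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp)://[^\s'\"<>]+", re.I)
ASSIGN = re.compile(r"\b([\w.-]*(?:token|secret|password|passwd|api[_-]?key)[\w.-]*)"
                    r"\s*[:=]\s*['\"]?([^\s'\"#]{8,})", re.I)
# Template variables and dummy values are not live secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|\{\{.*\}\}|<.*>|changeme|x+|\*+)$", re.I)

def scan_text(path, text):
    """Return (kind, identity, path, line) per hard-coded credential; secret values are never returned."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in DB_URI.finditer(line):
            try:
                parts = urlsplit(m.group(0))
                password = parts.password
            except ValueError:  # malformed authority, skip rather than crash
                continue
            if password and not PLACEHOLDER.match(password):
                hits.append(("database-uri", f"{parts.username}@{parts.hostname}", path, lineno))
        for m in ASSIGN.finditer(line):
            key, value = m.groups()
            if "://" not in value and not PLACEHOLDER.match(value):
                hits.append(("secret-assignment", key, path, lineno))
    return hits

def rotation_inventory(files):
    """Group hits by credential identity so each secret is rotated once, with every location listed."""
    inventory = {}
    for path, text in files.items():
        for kind, identity, p, lineno in scan_text(path, text):
            inventory.setdefault((kind, identity), []).append(f"{p}:{lineno}")
    return inventory

# Constructed sample files, not data from the incident.
SAMPLE_FILES = {
    "engagement/deploy.env": "DATABASE_URL=postgresql://app:Constructed-Pw1@db.example.internal:5432/orders\n"
                             "API_TOKEN=tok-constructed-000111222\n",
    "engagement/values.yaml": "password: ${DB_PASSWORD}\nmongo: mongodb://reader@mongo.example.internal/app\n",
    "engagement/notes.md": "conn: postgresql://app:Constructed-Pw1@db.example.internal:5432/orders\n",
}

if __name__ == "__main__":
    for (kind, identity), locations in sorted(rotation_inventory(SAMPLE_FILES).items()):
        print(f"ROTATE {kind:18} {identity:32} {', '.join(locations)}")
```

A hit means the credential should be revoked and reissued at its source; deleting the line from the repository does not invalidate a copy that has already left it.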