Red Hat Confirms Security Incident, Warns Customers to Rotate Credentials
Red Hat has confirmed a security incident involving unauthorized access to a GitLab instance used by the Red Hat Consulting team. The Centre for Cybersecurity Belgium has issued a warning, advising Red Hat customers to revoke and rotate all tokens, keys, and credentials shared with Red Hat or used in integrations. The incident, however, does not appear to have affected other services or products, including the software supply chain or official download channels.
The extortion group Crimson Collective claims to have exfiltrated more than 570 GB of data from over 28,000 internal repositories. This data could include authentication tokens and full database URIs. Red Hat has stated that there is no indication that sensitive personal data was accessed. The compromised GitLab instance housed consulting engagement data, including project specifications, example code snippets, and internal communications about consulting services.
Organizations that could be affected include major corporations and government bodies. Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, and the House of Representatives are among those potentially impacted.
Red Hat has confirmed the incident and stated that there is no impact on other services or products. The Crimson Collective claims to have accessed a significant amount of data, but Red Hat maintains that there is no indication that sensitive personal data was accessed. Organizations that used services from Red Hat Consulting or shared sensitive information with Red Hat are advised to take the necessary precautions.