Skip to content
Safeguarding Your Gadgets GalaxyUnleashing the Power of Gadgets!general-newsCrime-and-justice

Red Hat Consulting Hit by Major Data Breach, Crimson Collective Claims Access to 28,000 Repositories

Red Hat Consulting's clients, including major banks and tech giants, face potential exposure. The breach could impact infrastructure and customer data.

 and  Administrator
1 min read
We can see rings on red surface.
We can see rings on red surface.

Red Hat Consulting Hit by Major Data Breach, Crimson Collective Claims Access to 28,000 Repositories

Red Hat Consulting has suffered a significant data breach. The Crimson Collective hacker group claims to have accessed and exfiltrated data from over 28,000 internal repositories on Red Hat's GitLab instance, not GitHub as initially reported. The compromised data includes sensitive information from major global organizations.

The breach, which Red Hat is currently investigating, affects a wide range of clients. These include major banks like Citi, JPMC, and HSBC, telecoms such as Verizon and Telefonica, tech giants like Siemens and Bosch, and even the U.S. Senate. The data compromised ranges from customer engagement reports to infrastructure analysis and private repositories.

The Crimson Collective claims to have already gained access to some of Red Hat Consulting's customers' infrastructure. They attempted to contact Red Hat with a ransom demand but received only an automated response. The compromised data includes credentials, CI/CD secrets, pipeline and container registry configurations, VPN profiles, infrastructure blueprints, Ansible playbooks, and OpenShift install blueprints. Red Hat, however, assures that there's no reason to believe this issue has impacted other Red Hat services or products, and the software supply chain remains intact.

Red Hat Consulting is actively working to remediate the breach. Meanwhile, BleepingComputer subscribers can stay informed about the latest developments and other cybersecurity threats through breaking news email alerts. The full extent of the breach and its potential impact on the affected organizations remain under investigation.

Read also:

Related

Latest