Red Hat Confirms Data Breach: 570GB of Sensitive Data Exfiltrated
Red Hat has confirmed a data breach involving a specific GitLab environment used by the Red Hat Consulting team. The Centre for Cybersecurity Belgium has issued a warning, advising Belgian organizations to take immediate action.
The unauthorized access resulted in over 570GB of data being exfiltrated. This includes sensitive information such as client documents, Customer Engagement Reports (CERs) containing infrastructure details, authentication tokens, and full database URIs. The compromised GitLab instance housed consulting engagement data, including project specifications, example code snippets, and internal communications.
Red Hat has found no indication that sensitive personal data was accessed or that other services or products were affected. However, the Centre for Cybersecurity Belgium warns that Belgian organizations that used Red Hat Consulting services or shared sensitive information with Red Hat are at high risk. The organization that executed the attack, identified as the Crimson Collective, claims to have breached a private GitHub repository of Red Hat and stolen nearly 570 GB of compressed data from 28,000 internal projects.
Red Hat has implemented additional hardening measures to prevent further access and contain the issue. The Centre for Cybersecurity Belgium recommends revoking and rotating all tokens, keys, and credentials shared with Red Hat, checking with IT providers or partners, and monitoring authentication events for anomalies.
