Hackers steal 570 GB of customer data from 28,000 repositories of GitLab Consulting.
Red Hat confirmed in a blog post that hackers gained access to a GitLab instance of the Consulting division, where data from internal projects was stolen. According to the attackers, who call themselves Crimson Collective, it concerns nearly 570 GB of data from 28,000 repositories.
Customer Reports
The stolen data reportedly also includes about 800 Customer Engagement Reports (CERs). These documents often contain sensitive information about customer infrastructures, such as configurations, authentication tokens, and database details, which could theoretically be misused to compromise customer networks.
“We have now taken additional measures to prevent further access and to bring the issue under control.”
Red Hat
Among the companies or organizations mentioned in the published file lists are big names such as Bank of America, T-Mobile, Walmart, the FAA, and the U.S. House of Representatives. These companies are now being contacted to see what information might have been exposed.
Red Hat: ‘Only Consulting Affected’
Red Hat emphasizes that the incident has no impact on the software supply chain or other Red Hat products. “We have removed the attackers’ access, isolated the instance, and implemented additional security measures,” the company said in a statement.
The GitLab environment was only used for collaboration on specific consultancy tasks. Red Hat acknowledges that CERs were copied but states that they do not contain personal data.
No Response to Extortion Attempt
The hackers claimed they tried to extort the company. However, they only received a standard response requesting them to submit a vulnerability report. Meanwhile, they posted a list of the stolen data on Telegram, writes Bleeping Computer.