Red Hat has confirmed a major data breach after hackers claimed to have stolen sensitive customer secrets worth $millions. A group called Crimson Collective allegedly accessed the company’s GitHub repositories, taking 570GB of internal project files and 800 Customer Engagement Records (CERs). However, Red Hat denies verifying the claims of stolen CERs or impact on other services.
The breach was discovered two weeks ago, with hackers claiming to have obtained authentication tokens, database URIs, and other private information that could be used to access downstream customers. Crimson Collective allegedly targeted several high-profile companies, including Bank of America, T-Mobile, AT&T, Fidelity, Mayo Clinic, Walmart, the US Navy’s Naval Surface Warfare Center, and Federal Aviation Administration.
Red Hat has taken remediation steps, but emphasizes its priority is the security and integrity of its systems and data. The company claims to have no reason to believe the breach impacts other services or products and is confident in the integrity of its software supply chain. Notably, Crimson Collective attempted to extort Red Hat for money, but was met with generic responses.
Red Hat’s response highlights the need for robust cybersecurity measures to protect sensitive information, particularly when it comes to customer engagement records that hold valuable infrastructure data.
Source: https://www.techradar.com/pro/security/red-hat-confirms-major-data-breach-after-hackers-claim-mega-haul