Red Hat confirms security incident after hackers claim GitHub breach

An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. A CER is a consulting document prepared for clients that often contains infrastructure details, configuration data, authentication tokens, and other information that could be abused to breach customer networks. The directory listing of CERs includes a wide range of sectors and well-known organizations such as Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, the House of Representatives, and many others.

To read the complete article see: Bleeping Computer