Security update: Incident related to Red Hat Consulting GitLab instance
We are writing to provide an update regarding a security incident related to a specific GitLab environment used by our Red Hat Consulting team. Red Hat takes the security and integrity of our systems and the data entrusted to us extremely seriously, and we are addressing this issue with the highest priority.

We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements. Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities. Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance. We have now implemented additional hardening measures designed to help prevent further access and contain the issue.

We understand you may have questions about whether this incident affects you. Based on our investigation to date, we can share:

Impact on Red Hat products and supply chain: At this time, we have no reason to believe this security issue impacts any of our other Red Hat services or products, including our software supply chain or downloading Red Hat software from official channels.

Consulting customers: If you are a Red Hat Consulting customer, our analysis is ongoing. The compromised GitLab instance housed consulting engagement data, which may include, for example, Red Hat’s project specifications, example code snippets, internal communications about consulting services, and limited forms of business contact information. We will notify you directly if we believe you have been impacted.

Other customers: If you are not a Red Hat Consulting customer, there is currently no evidence that you have been affected by this incident.
Original post: https://www.redhat.com/en/blog/security-update-incident-related-red-hat-consulting-gitlab-instance