Red Hat GitLab Breach Shows Why Consulting Data is a Goldmine for Attackers by Lucie Cardiet

ID: daf0c422-e141-552f-84c3-12827155b769

STIX ID: report--daf0c422-e141-552f-84c3-12827155b769

Feed Name: Vectra AI Blog

Threat Score: 75/100

Date Published: 2025-10-03

Date Updated: 2026-05-01

...
...

Crimson Collective claims to have stolen ~570 GB of compressed data from Red Hat's self-managed GitLab, including around 800 Customer Engagement Reports that may contain authentication tokens, database URIs, and infrastructure details. That material could potentially enable attackers to pivot into many downstream customer environments. Red Hat says the breach was limited to its consulting division, while the group has publicized repository listings and appears to be cooperating with Scattered LAPSUS$ Hunters. Vectra AI outlines detection guidance (token misuse, reconnaissance, lateral movement, data staging) and positions its platform as able to detect behavior-based signs of compromise.