Red Hat confirms breach of GitLab instance, which stored company’s consulting data

Red Hat on Thursday confirmed an attacker gained access to and stole data from a GitLab instance used by its consulting team, exposing some customer data. The open-source software company, a subsidiary of IBM, said the breach is contained and an investigation into the attack is underway.

“Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities,” Red Hat said in a security update. “Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance.”

Red Hat said the compromised GitLab instance contained work related to consulting engagements with some customers, including project specifications, example code snippets and internal communications about the consulting services.

“This GitLab instance typically does not house sensitive personal data,” Red Hat said. “While our analysis remains ongoing, we have not identified sensitive personal data within the impacted data at this time.”

GitLab underscored that the incident involves a self-managed instance of its free GitLab Community Edition. “There has been no breach of GitLab’s managed systems or infrastructure. GitLab remains secure and unaffected,” a GitLab spokesperson said in a statement.

“Customers who deploy free, self-managed instances on their own infrastructure are responsible for securing their instances, including applying security patches, configuring access controls, and maintenance,” the spokesperson added.

A cybercrime group calling itself Crimson Collective claimed responsibility for the attack and said it stole more than 28,000 repositories from Red Hat’s GitLab instance. The threat group published a directory tree on Telegram listing the names of hundreds of companies it claims were impacted by the attack.

The Centre for Cybersecurity Belgium published a warning Thursday, describing the breach as a high risk that potentially exposed sensitive information including credentials, tokens and network configuration data shared with Red Hat’s consulting team.

“We have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain,” a spokesperson said in a statement.

The company said potential exposure is limited to Red Hat Consulting customers, adding that those who are impacted will be notified directly.

“Red Hat takes the security and integrity of our systems and the data entrusted to us extremely seriously, and we are addressing this issue with the highest priority,” the company said.

Red Hat did not say when it detected the intrusion, but said additional hardening measures have been implemented to prevent further access.

Update: 10/3/2025, 10:13 a.m.: This story was updated to include comments from GitLab.

The post Red Hat confirms breach of GitLab instance, which stored company’s consulting data appeared first on CyberScoop.

Research shows data breach costs have reached an all-time high

The average cost of a data breach for U.S. companies jumped 9% to an all-time high of $10.22 million in 2025, as the global average cost fell 9% to $4.44 million, IBM said in its 20th annual Cost of a Data Breach Report Wednesday.

While shorter investigations are pushing down costs globally, reflecting the first decline in five years, IBM found higher regulatory fines, along with detection and escalation costs, are driving up the ultimate recovery price in the United States.

“This widening gap helps explain why U.S. organizations continue to face the highest breach costs globally, further compounded by more organizations in the U.S. reporting paying steeper regulatory fines,” Troy Bettencourt, global partner and head of IBM X-Force, said in an email.

The report underscores that organizations face an uneven burden in the wake of data breaches, even as detection and containment times improve. On average, it took organizations 241 days to identify and contain a breach through the one-year period ending in February, a nine-year low, according to IBM.

“Shorter breaches mean less disruption, faster containment, and fewer chances for attackers to access sensitive systems or data. Time really is money when it comes to breach impact,” Bettencourt said. “Faster detection is proving to be one of the most effective ways to reduce breach costs across the board.”

Average global costs for detection and escalation declined almost 10% to $1.47 million, remaining the largest cost driver for data breaches for the past four years. Other cost categories also declined, with lost business coming in at $1.38 million on average, followed by $1.2 million for post-breach response costs and notification costs of almost $390,000.

Despite a 24% year-over-year reduction in costs, health care remained the most heavily impacted industry overall for the 14th consecutive year, at $7.42 million. Organizations in the financial, industrial, energy and technology sectors rounded out the top five industries absorbing the highest costs from data breaches globally.

While most industries reported a year-over-year decline in data breach costs globally, organizations in entertainment, media, hospitality, education, research, retail and the public sector bucked that trend in 2025.

Just over half (51%) of data breaches were caused by malicious activities or cyberattacks. Human error accounted for 26% and IT failure was responsible for 23% of data breaches during the reporting period, according to IBM.

Phishing was the initial access vector in 16% of attacks resulting in a data breach, making it the most common root cause of attacks studied for this year’s report. Supply-chain compromises were the second-most prevalent attack vector at nearly 15%, followed by denial-of-service attacks at nearly 13%.

Nearly two-thirds of the 600 organizations IBM analyzed globally from March 2024 through February 2025 said they are still recovering from their data breach. Recovery efforts typically extend beyond 100 days, with roughly a quarter of impacted organizations recovering within 101 to 125 days and another quarter recovering between 126 and 150 days.

Organizations also continue to push back against ransom demands in greater numbers. The number of organizations hit with ransomware attacks who refused to pay a ransom jumped from 59% in 2024 to 63% this year, according to IBM.

The report, which was conducted for IBM by the Ponemon Institute, also looked at security incidents involving artificial intelligence. Breaches involving an AI model or application were reported by 13% of organizations, and 31% of those AI-related security incidents led to operational disruption with attackers gaining access to sensitive data, the report found.

IBM said nearly two-thirds of organizations lack AI governance policies, a deficiency that compounds the risk as AI systems increasingly become targets for attacks.

The post Research shows data breach costs have reached an all-time high appeared first on CyberScoop.
