> This incident involved one of our engineers installing a compromised package on their development machine, which led to credential theft and unauthorized access to our GitHub organization.

The org only has 4-5 engineers. So you can imagine the impact a large org will have.