Page 199 - Red Hat PR REPORT - OCTOBER 2025
10/8/25, 3:33 PM Red Hat Confirms Security Breach in Self-Hosted GitLab Instance, Customer Data Exposed - CPO Magazine
Red Hat claims security breach poses no supply chain risk
Red Hat says the security breach did not affect other products or the software
supply chain, a compromise of which could severely impact its downstream customers. It added that
the breached GitLab instance was only used for its consulting business and that
software downloaded from official channels was unaffected.
“At this time, we have no reason to believe this security issue impacts any of our
other Red Hat services or products, including our software supply chain or
downloading Red Hat software from official channels.”
Nevertheless, Red Hat says the security breach allowed the threat actor to access
certain data, including code snippets, project specifications, and internal
communications.
“Our investigation, which is ongoing, found that an unauthorized third party had
accessed and copied some data from this instance.”
The IBM subsidiary also stressed that the affected GitLab instance does not store
sensitive data, and its ongoing investigation has found no evidence that the security
breach exposed personal information.
However, the attacker known as the Crimson Collective claims to have stolen 570
gigabytes of data from across 28,000 private repositories. The allegedly stolen
source code also includes Customer Engagement Reports (CERs) containing
sensitive customer and platform information.
While most Red Hat source code is publicly available, CERs contain infrastructure
information, such as network architecture and system configuration details,
authentication information, including credentials and security tokens, and
operational insights, like troubleshooting information, that could undermine the
security of downstream customers.
According to the attacker, the stolen data spans between 2020 and 2025 and affects
critical sectors, including government, banking, and telecommunications.
https://www.cpomagazine.com/cyber-security/red-hat-confirms-security-breach-in-self-hosted-gitlab-instance-customer-data-exposed/ 2/7

