Page 203 - Red Hat PR REPORT - OCTOBER 2025
10/8/25, 3:33 PM Red Hat breach escalates as Crimson Collective recruits help • The Register
A post on the newly launched Scattered Lapsus$ Hunters leak site, seen by The Register,
threatens to publish a "multi terabyte of data haul of your most sensitive intellectual property"
and accuses Red Hat of failing to safeguard what it claims are trade secrets and personal data,
invoking GDPR and US state privacy laws. It also reckons Red Hat's doors were kicked in on
September 13 – weeks before the company came clean about the break-in.
The crew claims more than 5,000 directories contain CONFIDENTIALITY.md files, and warns
that the data implicates major private and public sector organizations.
The leak site sets a deadline, demanding that Red Hat contacts the extortionists by October 10
to "resolve this," and promising that, if it is paid, it will refrain from attacking Red Hat's
customers directly. As always, the word of a criminal cannot be trusted.
Red Hat has not responded to The Reg's questions, but has tried to reassure customers by
saying the incident affected "a specific GitLab environment used by Red Hat Consulting
collaboration in select engagements." It also added that it has not seen evidence that the
company's product build systems or hosted services were impacted. But the nature of CERs –
often containing configuration details, authentication tokens, and remediation notes – means
downstream risk to clients can be significant if those artifacts are genuine.
"These CERs clearly contain and include confidential business/company data (credentials, env
vars, architecture, code, internal designs, things that would grant an unauthorised party access
to your network), and Red Hat failed to adequately protect them, you failed to preserve the
secrecy of these trade secrets, as it was your utmost responsibility," Scattered Lapsus$ Hunters
writes on its leak site, where it has also shared samples of what it claims is the stolen data.
Whether Red Hat will negotiate, pay, or fight an extended public leak remains to be seen, but
the public-facing partnership between Crimson Collective and the ShinyHunters affiliate shows
extortion gangs are becoming more collaborative and, arguably, more dangerous. ®
https://www.theregister.com/2025/10/07/red_hat_breach_new_claims/

