Page 221 - Red Hat PR REPORT - OCTOBER 2025

        Hackers breach Red Hat consulting GitLab, steal customer data
        by VARINDIA   2025-10-07


        Red Hat confirmed unauthorized access to its GitLab instance containing project data, and while no personal details were found,
        analysts warn leaked credentials, VPN profiles, and CERs may pose phishing and security risks.

        Red Hat has disclosed a security incident involving unauthorized access to its consulting division’s self-managed GitLab instance,
        resulting in the exposure of customer engagement data. The company emphasized that the breach did not impact its core products,
        supply chain, or services.

        In a recent security advisory, Red Hat said the compromised GitLab environment was used internally for consulting projects. The
        breach was linked to a group calling itself Crimson Collective, which claimed responsibility via Telegram and alleged it had exfiltrated
        around 570GB of data from over 28,000 projects, including approximately 800 customer engagement reports.

        Scope of exposure and customer impact
        Red Hat said its investigation, still ongoing, confirmed that a third party accessed and copied data from the GitLab instance, which
        typically contains project materials such as code samples, internal communications, and specifications. The company has since
        blocked the unauthorized access and implemented further security measures.

        While Red Hat has not found sensitive personal data in the compromised materials so far, cybersecurity analysts warn the breach
        could be more serious. Leaked data reportedly includes credentials, VPN profiles, CI/CD secrets, and infrastructure blueprints.
        Analysts from ZeroFox noted that customer engagement reports (CERs) may contain names, emails, and phone numbers—valuable
        information for potential phishing or social engineering attacks.

        A leaked file tree suggests the incident could affect major organizations including Adobe, Citi, Boeing, HSBC, and several U.S.
        federal agencies. British cybersecurity expert Kevin Beaumont estimated the full dataset could amount to nearly a terabyte once
        uncompressed.

        Crimson Collective and broader activity

        Crimson Collective first appeared online in late September and has since claimed multiple breaches, including of Nintendo and Claro
        Colombia. Cyber intelligence firm SOCRadar reports the group focuses on exploiting misconfigured cloud environments and exposed
        credentials, using Telegram to leak stolen data and pressure victims.

        Red Hat confirmed that this breach is unrelated to a separate vulnerability (CVE-2025-10725) disclosed the day prior, which affects
        Red Hat OpenShift AI. That flaw allows privilege escalation and could potentially lead to full platform compromise if exploited.

        Red Hat says it is continuing to notify affected customers and is committed to transparency as its investigation progresses.

















        https://www.varindia.com/news/hackers-breach-red-hat-consulting-gitlab-steal-customer-data