Crimson Collective, cyber criminal gang claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach of one of its GitLab instances.
This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms.
Red Hat confirmed that it suffered a security incident related to its consulting business, but would not verify any of the attacker’s claims regarding the stolen GitLab repositories and customer CERs.
Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps,” Red Hat told BleepingComputer.
“The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain.”
After publishing our story, Red Hat confirmed that the security incident was a breach of its GitLab instance used solely for Red Hat Consulting on consulting engagements, and not GitHub.
While Red Hat did not respond to any further questions about the breach, the hackers told BleepingComputer that the intrusion occurred approximately two weeks ago.
They allegedly found authentication tokens, full database URIs, and other private information in Red Hat code and CERs, which they claimed to use to gain access to downstream customer infrastructure.
The hacking group also published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram.
The directory listing of CERs include a wide range of sectors and well known organizations such as Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, the House of Representatives, and many others.
