Red Hat's GitLab breach exposes customer network blueprints, posing a widespread supply chain attack risk.

Continue reading
A cyberattack on Red Hat's consulting division stole sensitive customer documents containing network configurations and credentials, creating potential downstream security risks for thousands of organisations.
Red Hat, the open-source software giant now owned by IBM, has confirmed a significant security breach. The incident involved unauthorized access to a self-managed GitLab instance used exclusively by its internal Red Hat Consulting team .
Upon detecting the intrusion, Red Hat's security team took action by removing the threat actor's access, isolating the compromised instance, and launching an investigation . The company has stated that the breach is contained and does not impact its core products or software supply chain .
A cybercrime group calling itself "Crimson Collective" has claimed responsibility for the attack. While Red Hat has confirmed data was copied, it has not verified the attackers' specific claims .
The table below summarizes the key details of the stolen data based on public claims and Red Hat's statements:
| Aspect | Details |
|---|---|
| Claimed Data Volume | Nearly 570 GB of compressed data . |
| Claimed Repositories | Approximately 28,000 internal development repositories . |
| Key Data Type | Roughly 800 Customer Engagement Reports (CERs) from 2020-2025 . |
| Red Hat's Confirmation | The instance housed consulting data like project specs, code snippets, and internal communications . |
The most significant threat from this breach stems from the exposure of Customer Engagement Reports (CERs). These are not standard marketing documents but detailed technical and architectural blueprints created by Red Hat's consultants .
According to cybersecurity advisories and analysis, these CERs can contain :
The Centre for Cybersecurity Belgium (CCB) has assessed this breach as a "high risk" because this information could be weaponized to breach customer networks directly . The stolen data allegedly pertains to a wide range of high-profile organizations, including telecoms, financial institutions, and government agencies .
If your organisation is or has been a Red Hat Consulting customer, you should take immediate proactive measures. The following checklist outlines critical actions to protect your environment.

Key details about the breach remain unclear, leaving customers with unresolved concerns:
This incident highlights the sophisticated threats facing software supply chains and the critical importance of securing development and collaboration environments. Red Hat's core product integrity remains intact, but the breach shows that attack surfaces extend beyond code to include internal documents and communications .
It is also crucial to note that GitLab's own platform and infrastructure were not compromised . This incident involved Red Hat's self-managed instance of GitLab Community Edition, for which the customer is responsible for security, maintenance, and applying patches .
This is a developing story. As the investigation continues, more specific guidance for affected customers is expected from Red Hat. For the latest official information, monitor the Red Hat security blog .

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been