Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services.

The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.

Red Hat on Thursday confirmed an attacker gained access to and stole data from a GitLab instance used by its consulting team, exposing some customer data. The open-source software company, a subsidiary of IBM, said the breach is contained and an investigation into the attack is underway. 

“Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities,” Red Hat said in a security update. “Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance.”

Red Hat said the compromised GitLab instance contained work related to consulting engagements with some customers, including project specifications, example code snippets and internal communications about the consulting services. 

“This GitLab instance typically does not house sensitive personal data,” Red Hat said. “While our analysis remains ongoing, we have not identified sensitive personal data within the impacted data at this time.”

GitLab underscored that the incident involves a self-managed instance of its free GitLab Community Edition. “There has been no breach of GitLab’s managed systems or infrastructure. GitLab remains secure and unaffected,” a GitLab spokesperson said in a statement.

“Customers who deploy free, self-managed instances on their own infrastructure are responsible for securing their instances, including applying security patches, configuring access controls, and maintenance,” the spokesperson added.

A cybercrime group calling itself Crimson Collective claimed responsibility for the attack and said it stole more than 28,000 repositories from Red Hat’s GitLab instance. The threat group published a directory tree on Telegram listing the names of hundreds of companies it claims were impacted by the attack. 

The Centre for Cybersecurity Belgium published a warning Thursday, describing the breach as a high risk that potentially exposed sensitive information including credentials, tokens and network configuration data shared with Red Hat’s consulting team. 

“We have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain,” a spokesperson said in a statement. 

The company said potential exposure is limited to Red Hat Consulting customers, adding that those who are impacted will be notified directly.

“Red Hat takes the security and integrity of our systems and the data entrusted to us extremely seriously, and we are addressing this issue with the highest priority,” the company said.

Red Hat did not say when it detected the intrusion, but said additional hardening measures have been implemented to prevent further access.

Update: 10/3/2025, 10:13 a.m.: This story was updated to include comments from GitLab.

The post Red Hat confirms breach of GitLab instance, which stored company’s consulting data appeared first on CyberScoop.