Overview

• Red Hat says an unauthorized party accessed and copied data from a GitLab instance used by its consulting team, removed the access, isolated the system, and contacted authorities.
• A group calling itself Crimson Collective claims it stole roughly 570GB from about 28,000 repositories, including some 800 Customer Engagement Reports, and has posted directory listings and samples.
• Red Hat reports no evidence that the incident affects other products, services, or its software supply chain and says the consulting instance typically does not store sensitive personal data.
• Potential exposure is limited to consulting engagements, with impacted customers to be notified, as Belgium’s national cyber center flagged high risk from possible credentials and network details in consulting documents.
• The attackers allege they used discovered tokens to reach some customer systems and attempted extortion, claims that remain unverified as Red Hat’s investigation continues and additional hardening is implemented.