Red Hat Confirms GitLab Security Incident, Data Theft Claimed by Crimson Collective
Red Hat has confirmed a security incident involving its consulting GitLab environment. The company assures customers that other services and products remain unaffected, and the software supply chain is secure. However, a group called the Crimson Collective claims to have stolen sensitive data.
The incident, which occurred around the end of August 2025, saw an unauthorized third party access and copy data from a Red Hat Consulting-managed GitLab instance. Red Hat has not specified the nature of the data taken or whose it was. The Crimson Collective, claiming responsibility, alleges it stole hundreds of Customer Engagement Reports containing sensitive information.
Belgium's national cybersecurity authority has issued an advisory warning of potential supply chain impact. Organizations are urged to revoke and rotate credentials. Red Hat has engaged security experts and notified law enforcement, but the method of intrusion remains unknown. The company has not mentioned any ransomware or extortion demands, and the group has not established a track record for such activities. The incident comes shortly after Red Hat patched a critical bug in OpenShift AI, raising concerns about the timing and potential impact. The Crimson Collective claims to have hit downstream Red Hat customers, but Red Hat has not confirmed this.
Red Hat is investigating the incident and working to mitigate any potential impacts. Customers are advised to monitor their systems and follow best practices for cybersecurity. The company assures that the software supply chain remains intact, and other services and products are unaffected.
