Red Hat Confirms Major Data Breach Involving 28,000 Private Repositories

Red Hat has confirmed that its internal GitLab instance used by the Consulting team was breached by the group Crimson Collective. The attackers claim to have stolen 570 GB of compressed data from more than 28,000 private repositories.

The compromised data reportedly includes sensitive assets such as CI/CD pipeline configurations, VPN profiles, infrastructure blueprints, Ansible playbooks, OpenShift deployment guides, and container registry details. Analysts warn that this information could enable secondary supply chain attacks against Red Hat’s consulting clients.

Researchers note that the leaked repositories reference a wide range of organizations — from global banks and telecom firms to industrial companies and even government entities. Stolen SSH keys, API tokens, and database strings could allow attackers to maintain persistent access into downstream systems.

Red Hat says the incident has not impacted its primary software supply chain or official distribution channels. The company has revoked unauthorized access, isolated the GitLab instance, begun a forensic investigation, and notified law enforcement. Direct communication with potentially affected consulting clients is underway.

Security experts caution that exposed Kubernetes manifests, DevOps automation scripts, and credential management files represent valuable “blueprints” for targeting cloud-native infrastructures. While the malware itself wasn’t advanced, the sensitivity and scale of the breach make it one of the largest source code exposures in recent years.