Red Hat: Customer Data Impacted In Breach Of Consulting Arm’s GitLab Instance

‘The compromised GitLab instance housed consulting engagement data,’ Red Hat says in an update about the incident.

Red Hat confirmed Thursday that data belonging to some customers of its consulting division was impacted in the breach of a Red Hat-managed GitLab instance.

The confirmation came after media outlets including BleepingComputer and The Register reported that the “Crimson Collective” threat group had claimed to have accessed private code repositories belonging to Red Hat, containing certain customer information.

[Related: 10 Major Cyberattacks And Data Breaches In 2025 (So Far)]

The IBM-owned company had earlier disclosed that it was remediating a security “incident” related to one of its GitLab instances and was investigating the potential impacts.

In its update posted online Thursday, Red Hat said that it “recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements.”

The company’s investigation—which is still ongoing—“found that an unauthorized third party had accessed and copied some data from this instance,” Red Hat said in the post.

“The compromised GitLab instance housed consulting engagement data, which may include, for example, Red Hat’s project specifications, example code snippets, and internal communications about consulting services,” the company said.

However, “this GitLab instance typically does not house sensitive personal data [and] we have not identified sensitive personal data within the impacted data at this time,” Red Hat said.

The Red Hat post did not provide specifics about the initial access vector used by the threat actor or root cause that enabled the breach to occur.

In a statement provided to CRN Thursday, GitLab said that the breach involved Red Hat’s self-managed instance of GitLab Community Edition, which is a “free open-core” offering.

“Customers who deploy free, self-managed instances on their own infrastructure are responsible for securing their instances, including applying security patches, configuring access controls and maintenance,” GitLab said, adding that “there has been no breach of GitLab’s managed systems or infrastructure. GitLab remains secure and unaffected.”

Initial media reports had incorrectly linked the incident to an instance of a different code-hosting platform, Red Hat noted earlier Thursday.

In the post Thursday, Red Hat said that “at this time, we have no reason to believe this security issue impacts any of our other Red Hat services or products, including our software supply chain or downloading Red Hat software from official channels.”

For any organization that is not a Red Hat Consulting customer, “there is currently no evidence that you have been affected by this incident,” Red Hat said.