Red Hat Says It’s Remediating GitLab Security ‘Incident’ At Consulting Arm
The IBM-owned company says it has ‘initiated necessary remediation steps’ after media outlets reported that a threat group claimed to have compromised Red Hat code repositories.
Red Hat disclosed that it has “initiated necessary remediation steps” following a security incident involving a GitLab instance used by its consulting division.
The disclosure came after outlets including BleepingComputer and The Register indicated that the “Crimson Collective” threat group had claimed to have accessed private code repositories belonging to Red Hat.
Impacted data includes certain sensitive customer information found in Customer Engagement Report documents, according to the media reports.
In response to an inquiry from CRN, Red Hat said in an email statement Thursday that it is “aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps.”
The incident being investigated by Red Hat is “related to a GitLab instance used solely for Red Hat Consulting on consulting engagements,” the IBM-owned company said in the statement.
Initial media reports had incorrectly linked the incident to a different code-hosting platform, Red Hat noted.
The company added that it has “no reason to believe the security issue impacts any of our other Red Hat services or products and [is] highly confident in the integrity of our software supply chain.”
In a statement provided to CRN, GitLab said that the security incident disclosed by Red Hat involved the company’s self-managed instance of GitLab Community Edition, which is a “free open-core” offering.
“Customers who deploy free, self-managed instances on their own infrastructure are responsible for securing their instances, including applying security patches, configuring access controls and maintenance,” GitLab said, adding that “there has been no breach of GitLab’s managed systems or infrastructure. GitLab remains secure and unaffected.”
In March 2024, Red Hat disclosed that XZ Utils, a widely used set of data compression tools and libraries in Linux distributions, had been compromised in a supply chain attack. However, the backdoor inserted into the XZ Utils code was discovered by a Microsoft engineer and fixed quickly, preventing widespread impact, Red Hat said at the time.