This article has been updated to correct a factual error. The original version incorrectly stated that the Red Hat security incident involved GitHub. Red Hat has clarified that the incident was related to a specific GitLab instance used for Red Hat Consulting engagements, not Github. The original post has been corrected below.
The Crimson Collective extortion group claims to have breached private repositories on a GitLab instance of Red Hat, a prominent American multinational software company that provides open-source software products to enterprises.
While Red Hat has not made an official public announcement confirming a data breach, the company did acknowledge the event in a statement to BleepingComputer. “Red Hat is aware of reports regarding a security incident related to our consulting business, and we have initiated necessary remediation steps,” the company stated.
The actor alleges that they attempted to contact Red Hat with an extortion demand but received only a templated reply instructing them to submit a vulnerability report. The group posted screenshots of their interactions and the allegedly stolen data on their Telegram channel.
According to the actor, the stolen information amounts to nearly 570GB of compressed data and includes:
- Over 28,000 internal repositories from the GitLab instance
- Customer Engagement Reports (CERs), which may contain sensitive information about customer networks and infrastructure
- Authentication tokens
- Database URIs
- Source code and internal project files
An analysis of the leaked file directory names reveals a significant number of high-profile Red Hat clients whose projects and data may have been compromised. The list includes major international companies across finance, automotive, telecommunications, technology, and government sectors. A partial list of the exposed clients includes:
- 3M
- Accenture
- Adobe
- Airbus
- Amadeus
- American Express (Amex)
- AT&T
- Bank of America
- Barclays
- Best Buy
- Boeing
- Bosch
- Canon
- Charter Communications
- Cisco
- Citi
- Comcast
- Credit Suisse
- Dell EMC
- Delta Air Lines
- Deutsche Bank
- Ericsson
- ExxonMobil
- FedEx
- Fidelity
- Ford
- Fujitsu
- Goldman Sachs
- Hitachi
- Honda
- HSBC
- Huawei
- IBM
- Intel
- JPMorgan Chase (JPMC)
- Kaiser Permanente
- Leidos
- Lloyds Bank
- Lockheed Martin
- Marriott
- Morgan Stanley
- NASA
- Nestlé
- Nissan
- Nokia
- NVIDIA
- Oracle
- Orange
- Palo Alto Networks
- Pirelli
- Prudential
- Qatar Airways
- Rakuten
- Raytheon
- Roche
- Samsung
- Santander
- SAP
- Shell
- Siemens
- Sony
- Starbucks
- State Street
- Swisscom
- Takeda
- Telefónica
- Tesco
- T-Mobile
- Toyota
- UBS
- Unilever
- United Airlines
- USPS
- Verizon
- Vodafone
- Volkswagen
- Volvo
- Wells Fargo
- Workday
- Zurich Insurance Group












