02.10.2025
2 min
528
Red Hat has acknowledged a security breach in its consulting business after the Crimson Collective claimed to have stolen 570GB of data from private GitHub repositories and customer CER reports.
The hackers said they had compromised about 28,000 internal projects and more than 800 customer interaction reports (CERs), which contain infrastructure data, configuration files, authentication tokens and other sensitive information. The information, they say, could allow them to gain access to customer networks, including large corporations and government agencies.
Red Hat confirmed the incident but declined to comment on the extent of the data stolen or the authenticity of the repository lists. The company said it was working to mitigate the impact and ensure the integrity of its services and software supply chain.
Crimson Collective said the breach occurred about two weeks ago. They claimed to have discovered authentication tokens, database URIs, and other critical information in CER code and reports. The group even posted lists of allegedly stolen data on Telegram, including information about customers such as Bank of America, AT&T, Walmart, Kaiser, Mayo Clinic, and even US government agencies. The hackers claim that they tried to contact Red Hat with a ransom demand, but received only formal responses from security services.
The Red Hat incident demonstrates a dangerous trend: even companies operating in the security-conscious enterprise solutions market are becoming victims of supply chain attacks. Publishing customer lists in open sources creates serious reputational and operational risks. Further developments in the case will show whether Red Hat will be able to minimize the damage and restore customer trust.
