Red Hat confirms breach of GitLab instance, which stored company\u2019s consulting data | CyberScoop<\/title> <meta name=\"description\" content=\"The open-source software company said exposure is limited to consulting engagements, adding that it hasn\u2019t found evidence of personal or sensitive data theft.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/red-hat-gitlab-attack-consulting-data\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Red Hat confirms breach of GitLab instance, which stored company\u2019s consulting data\"> <meta property=\"og:description\" content=\"The open-source software company said exposure is limited to consulting engagements, adding that it hasn\u2019t found evidence of personal or sensitive data theft.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/red-hat-gitlab-attack-consulting-data\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-10-02T21:35:25+00:00\"> <meta property=\"article:modified_time\" content=\"2025-10-02T21:35:26+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg\"> <meta property=\"og:image:width\" content=\"3624\"> <meta property=\"og:image:height\" content=\"2416\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1759256725g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1758741382g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86231\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86231\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fred-hat-gitlab-attack-consulting-data%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fred-hat-gitlab-attack-consulting-data%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86231 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/red-hat-gitlab-attack-consulting-data\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.005524861878\">\n<div class=\"single-article__header-content\" readability=\"35.318181818182\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/red-hat-gitlab-attack-consulting-data\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The open-source software company said exposure is limited to consulting engagements, adding that it hasn\u2019t found evidence of personal or sensitive data theft. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86231\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"A visitor walks past Red Hat logo at the MWC in Barcelona on Feb. 27, 2023. (Pau Barrena\/Getty Images)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg 3624w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A visitor walks past Red Hat logo at the MWC in Barcelona on Feb. 27, 2023. (Pau Barrena\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.524085794655\"><body readability=\"60.435185185185\"><\/p>\n<p>Red Hat on Thursday confirmed an attacker gained access to and stole data from a GitLab instance used by its consulting team, exposing some customer data. The open-source software company, a subsidiary of IBM, said the breach is contained and an investigation into the attack is underway. <\/p>\n<p>\u201cUpon detection, we promptly launched a thorough investigation, removed the unauthorized party\u2019s access, isolated the instance, and contacted the appropriate authorities,\u201d Red Hat said in a <a href=\"https:\/\/www.redhat.com\/en\/blog\/security-update-incident-related-red-hat-consulting-gitlab-instance\">security update<\/a>. \u201cOur investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance.\u201d<\/p>\n<p>Red Hat said the compromised GitLab instance contained work related to consulting engagements with some customers, including project specifications, example code snippets and internal communications about the consulting services. <\/p>\n<p>\u201cThis GitLab instance typically does not house sensitive personal data,\u201d Red Hat said. \u201cWhile our analysis remains ongoing, we have not identified sensitive personal data within the impacted data at this time.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>A cybercrime group calling itself Crimson Collective claimed responsibility for the attack and said it stole more than 28,000 repositories from Red Hat\u2019s GitLab instance. The threat group published a directory tree on Telegram listing the names of hundreds of companies it claims were impacted by the attack. <\/p>\n<p>The Centre for Cybersecurity Belgium published a <a href=\"https:\/\/ccb.belgium.be\/news\/hackers-crimson-collective-use-leaked-authentication-tokens-access-customer-systems\">warning<\/a> Thursday, describing the breach as a high risk that potentially exposed sensitive information including credentials, tokens and network configuration data shared with Red Hat\u2019s consulting team. <\/p>\n<p>\u201cWe have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain,\u201d a spokesperson said in a statement. <\/p>\n<p>The company said potential exposure is limited to Red Hat Consulting customers, adding that those who are impacted will be notified directly.<\/p>\n<p>\u201cRed Hat takes the security and integrity of our systems and the data entrusted to us extremely seriously, and we are addressing this issue with the highest priority,\u201d the company said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Red Hat did not say when it detected the intrusion, but said additional hardening measures have been implemented to prevent further access.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.8351177730193\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/red-hat-gitlab-attack-consulting-data\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Red Hat confirms breach of GitLab instance, which stored company\u2019s<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5033,1036,282,78,5145,4181,1073,3288,2767,310],"tags":[5035,1040,286,86,5146,4183,1076,3290,2768,311],"class_list":["post-8048","post","type-post","status-publish","format-standard","hentry","category-attack","category-breach","category-cybercrime","category-cybersecurity","category-gitlab","category-ibm","category-open-source","category-open-source-software","category-red-hat","category-technology","tag-attack","tag-breach","tag-cybercrime","tag-cybersecurity","tag-gitlab","tag-ibm","tag-open-source","tag-open-source-software","tag-red-hat","tag-technology"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/attack\/\" rel=\"category tag\">attack<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/breach\/\" rel=\"category tag\">breach<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gitlab\/\" rel=\"category tag\">GitLab<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ibm\/\" rel=\"category tag\">IBM<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source-software\/\" rel=\"category tag\">open source software<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/red-hat\/\" rel=\"category tag\">Red Hat<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a>","tag_info":"Technology","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8048"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8048\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8048,"date":"2025-10-02T16:35:25","date_gmt":"2025-10-02T21:35:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86231"},"modified":"2025-10-02T16:35:25","modified_gmt":"2025-10-02T21:35:25","slug":"red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/10\/02\/red-hat-confirms-breach-of-gitlab-instance-which-stored-companys-consulting-data\/","title":{"rendered":"Red Hat confirms breach of GitLab instance, which stored company\u2019s consulting data"},"content":{"rendered":"