Data from 28,000 internal projects at Red Hat has been stolen. The hacker group Crimson Collective claims to have stolen nearly 570GB of data.
The stolen information is not only affecting Red Hat: BleepingComputer reports that customer data from around 800 Customer Engagement Reports has also been stolen. The hackers claim that the breach took place around two weeks ago. Customer Engagement Reports (CERs) are documents that contain infrastructure details, configuration data, authentication keys, and other sensitive customer information. This information could potentially be misused to infiltrate customer networks.
According to the attackers, they found authentication keys, full database URIs, and other private information in the Red Hat code and CERs, which they allegedly used to gain access to downstream customer infrastructure. On Telegram, the hacker group published a complete directory listing of stolen GitHub repositories, along with a list of customer reports from the period 2020-2025.
Confirmation of security incident
Red Hat has confirmed the security incident but declined to comment on the attackers’ specific claims regarding the GitHub repositories and customer reports. The company emphasizes that there is no reason to believe that the security issue affects other Red Hat services or products. Red Hat says it is very confident in the integrity of its software supply chain.
The CER list includes organizations from various sectors, including major international names such as Bank of America, T-Mobile, AT&T, Fidelity, and Walmart.
Extortion attempt
According to the hackers, they attempted to contact Red Hat with extortion demands, but received only a standard response asking them to submit a vulnerability report to the security team. The ticket they created was reportedly forwarded repeatedly to various individuals, including employees of Red Hat’s legal and security departments.
The same group also claimed responsibility for briefly vandalizing Nintendo’s topic page last week. Red Hat has not responded to further questions. The company continues to emphasize that the security and integrity of systems and entrusted data are its highest priority.
Also read: Google refutes reports of major Gmail breach