IBM’s enterprise Linux subsidiary, Red Hat, has confirmed that its managed repository—hosted on the GitLab platform—was compromised in a cyberattack. The attackers reportedly exfiltrated 570 GB of compressed data from 28,000 internal repositories, including approximately 800 Customer Engagement Reports (CERs).
These Customer Engagement Reports are consulting documents prepared by Red Hat for corporate clients, often containing highly sensitive information such as infrastructure details, configuration data, authentication tokens, and other assets that could be exploited to compromise client networks.
Red Hat has officially acknowledged that a subsystem was indeed breached but declined to confirm or deny the attackers’ identity or the veracity of their claims regarding the CER data. The company stated that it is aware of the security incident and has taken all necessary remediation measures.
Interestingly, according to the attackers, their original plan was to extort Red Hat — to demand a ransom in exchange for not leaking the stolen data. However, the company’s response reportedly deviated from their expectations.
After sending a ransom email, the hackers received what appeared to be a generic, automated response from Red Hat, instructing them to contact the company’s security team through the standard vulnerability disclosure process. Following that, the attackers claim they received no further communication — neither from Red Hat nor from its security division.
The hackers also stated that their submitted ransom ticket was repeatedly reassigned between departments, including Red Hat’s legal and security teams, but no one ever responded to it. As a result, there was no discussion of ransom payment at all.
In its official statement, Red Hat added a notice about the incident to its security advisory list, confirming that the attackers had gained access to the GitLab instance used by the company’s consulting division. The company emphasized that once the unauthorized access was detected, a thorough investigation was launched, and the intruders’ credentials were revoked immediately.
Red Hat stressed that the investigation remains ongoing and that it is currently unable to share further details. However, the company underscored that the incident was limited to its consulting division, asserting that no other Red Hat products, supply chains, or software security components were affected by the breach.