Hackers Claim Massive Red Hat Breach

Red Hat, an open-source software company, has confirmed a security breach after the hacking group Crimson Collective announced it obtained 570GB of compressed data from the company’s private GitHub repositories.

In a rush? Here are the quick facts:

  • The Crimson Collective says it breached 28,000 internal projects.
  • Data allegedly includes 800 Customer Engagement Reports (CERs).
  • CERs contain sensitive infrastructure, tokens, and client system details.

The group announced they obtained 28,000 internal projects and hundreds of Customer Engagement Reports (CERs), which contain sensitive client information, including network maps, authentication tokens, and configuration details.

“Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps,” the company told BleepingComputer.

Stephanie Wonderlick, Red Hat’s VP of communications, echoed this to 404 Media, adding: “The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain.”

The Crimson Collective, however, claims to have accessed authentication tokens and database connection strings, using them to “gain access to some of their client’s infrastructure as well,” as reported by The Register.

The group also published file listings on Telegram and claimed to hold CERs covering 2020 through 2025, allegedly involving major institutions including the U.S. Navy’s Naval Surface Warfare Center, the Federal Aviation Administration, Bank of America, Walmart, AT&T, T-Mobile, and the U.S. House of Representatives.

The hackers say they tried to contact Red Hat with an extortion demand but received only a generic response instructing them to submit a vulnerability report. “We have given them too much time already to answer lol instead of just starting a discussion they kept ignoring the emails,” they wrote on Telegram, as noted by 404 Media.

Red Hat's official statements have not validated any of the claims about stolen data or customer information exposure. The Register reports that the extent of the breach therefore remains unknown.
