Excerpt from BleepingComputer Article, Published on October 6, 2025
Enterprise software leader Red Hat is facing escalating extortion pressures following a major data breach disclosed last week. The breach was initially claimed by the hacker group Crimson Collective, who allegedly stole nearly 570GB of data across 28,000 internal GitLab repositories. Among the stolen material are approximately 800 Customer Engagement Reports (CERs), which contain detailed and sensitive information about customers’ networks, infrastructures, and systems. This leak raises significant concerns for the impacted clients, including some high-profile organizations like Walmart, HSBC, the Bank of Canada, American Express, and the U.S. Department of Defense.
After Red Hat did not respond to ransom demands, the situation intensified when ShinyHunters, a known extortion-as-a-service gang, joined forces with Crimson Collective and Scattered Lapsus$ Hunters to amplify extortion attempts. ShinyHunters published samples of stolen data on their newly launched data leak site, warning Red Hat that all stolen data would be publicly released by October 10 if ransom negotiations did not begin.
Red Hat has confirmed that the breach affected its GitLab environment used exclusively for consulting engagements, emphasizing that the company’s broader GitHub repositories and core product systems remain secure. Immediate measures, including isolating the affected system and involving authorities, were taken once the unauthorized access was detected. Red Hat continues to investigate the incident and is notifying affected customers.
This incident highlights the growing threat posed by coordinated cybercriminal alliances leveraging extortion-as-a-service models to maximize pressure on victims. Organizations like Red Hat must enhance their security validation and monitoring to counter evolving extortion tactics and safeguard sensitive data.
To delve deeper into this topic, visit the BleepingComputer article.
