Massive Red Hat Data Breach: Hackers Claim Theft of 28,000 Repositories, Impacting Major Corporations and Agencies

October 2, 2025
  • The hackers, known as the Crimson Collective, have also claimed responsibility for a recent defacement of Nintendo’s topic page and have attempted to contact Red Hat for ransom, though their efforts have been met with automated responses.

  • The breach involves a substantial volume of source code and project data, raising concerns about proprietary information misuse and potential targeted attacks.

  • The breach reportedly occurred about two weeks prior to the public report, with hackers claiming to have obtained authentication tokens, database connection details, source code, security audits, and customer engagement reports from high-profile clients such as Bank of America, Walmart, the U.S. Navy, and the FAA.

  • Among the stolen data are detailed infrastructure configurations, VPN settings, CI/CD pipeline files, and proprietary tools, raising serious concerns about potential downstream impacts and national security implications.

  • Red Hat confirmed the breach but has not verified the claims of the Crimson Collective, stating that they have initiated remediation efforts and that their core enterprise products remain unaffected.

  • The company is actively investigating the incident, working with law enforcement, and notifying impacted customers, though details about how the breach occurred remain undisclosed.

  • The breach was isolated to a GitLab environment focused on consulting services, which may limit the overall impact, but the incident underscores vulnerabilities in cloud-based collaboration and repository management.

  • Industry experts highlight that insecure access tokens and API keys, especially in consulting scenarios, can lead to significant breaches, referencing past exploits like CVE-2021-22205.

  • A significant data breach involving Red Hat's consulting environment has been publicly disclosed, with hackers claiming to have accessed and stolen over 28,000 repositories, including sensitive client data from major corporations and government agencies.

  • The involvement of high-profile clients and government agencies amplifies concerns about national security, with some leaked data suggesting potential connections to agencies like the NSA.

  • The circulating files and samples of sensitive data have alarmed Red Hat's enterprise users, emphasizing the security risks posed by the breach.

  • Affected organizations, including financial institutions like Citi, are now conducting audits, credential rotations, and enhanced monitoring to prevent further targeted attacks.

Summary based on 10 sources

