**RED HAT GITLAB BREACH EXPOSES DATA OF 21,000 NISSAN CUSTOMERS**
The latest data breach to rock the tech world has been revealed, with hackers breaching Red Hat's GitLab instance, stealing sensitive information from a staggering 21,000 Nissan customers. The Japanese carmaker confirmed that their customer management system, developed by Red Hat Consulting, was compromised through a self-managed GitLab instance.
The incident came to light after the Crimson Collective claimed to have stolen 570GB of data from Red Hat's private GitHub repositories in October. This included 28,000 projects and approximately 800 Customer Engagement Reports (CERs) containing sensitive network information. The CERs often contain crucial details such as infrastructure configurations, tokens, and other sensitive data that attackers could exploit to target customers' networks.
Red Hat confirmed the breach but declined to verify the Crimson Collective's claims. On September 24, 2025, the threat actors shared a full file tree, CER list, and screenshots on Telegram as proof of the security breach. The message read: "Btw gained access to some of their client's infrastructure as well, already warned them but yeah they preferred ignoring us."
The file tree revealed thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, including Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even the U.S. Senate.
Red Hat stated that protecting systems and data is their top priority, emphasizing that the incident does not affect their other services or products and their supply chain remains secure. However, the unauthorized access to the GitLab instance has led to a significant security breach for Nissan customers.
**NISSAN CUSTOMERS AFFECTED**
Nissan Motor Co., Ltd. revealed that they had been informed by Red Hat about the data server being accessed illegally and data leaked. The compromised data includes personal details of approximately 21,000 customers of Nissan Fukuoka Sales, including names, addresses, phone numbers, partial email addresses, and sales-related information.
Nissan assured that no financial data or additional customer records were affected by the breach. Red Hat informed Nissan about the incident on October 3, 2025, a week after the incident occurred. The company is directly contacting customers whose personal information may have been leaked, urging them to stay alert for suspicious calls or mail.
"Nissan takes this incident very seriously and will strengthen its monitoring of its subcontractors and take further steps to strengthen information security," Nissan stated in their notification. "We would like to once again offer our deepest apologies to our customers for any inconvenience caused."