Red Hat GitLab breach exposes data of 21,000 Nissan customers

Pierluigi Paganini
December 23, 2025

Hackers breached Red Hat’s GitLab, stealing data of 21,000 customers; Nissan confirmed exposure via a self-managed GitLab instance.

Japanese carmaker Nissan disclosed a data breach tied to a self-managed GitLab instance used by Red Hat Consulting.

Threat actors gained access to the GitLab instance, stealing data belonging to 21,000 customers.

In October, the Crimson Collective claimed it had stolen 570GB from Red Hat’s private GitHub repositories, including 28,000 projects and approximately 800 Customer Engagement Reports (CERs) with sensitive network data. CERs often contain sensitive information, including infrastructure details, configurations, and tokens that attackers could exploit to target customers’ networks.

The U.S.-based multinational software company confirmed the data breach, but did not verify the Crimson Collective’s claims.

On September 24, 2025, the threat actors shared on a Telegram channel a full file tree, CER list, and screenshots as proof of the security breach.

“Btw gained access to some of their client’s infrastructure as well, already warned them but yeah they preferred ignoring us,” the Crimson Collective wrote on Telegram.

The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate.

The threat actor also shared evidence of their attempt to contact Red Hat.

Red Hat said protecting systems and data is a top priority, adding the incident doesn’t affect its other services or products, and its supply chain remains secure.

The Nissan data breach stemmed from unauthorized access to a GitLab instance holding sample code, internal communications, and project specifications.

“Nissan Motor Co., Ltd. received a report from Red Hat, the company it had contracted to develop a customer management system for its dealerships, that the company’s data server had been accessed illegally and data had been leaked,” reads the data breach notification published by the company. “It was subsequently confirmed that the data leaked from the company included some customer information for Nissan Fukuoka Sales Co., Ltd.”

Nissan says data stolen from a compromised Red Hat GitLab instance included personal details of about 21,000 customers of Nissan Fukuoka Sales. The compromised data includes names, addresses, phone numbers, partial email addresses, and sales-related information.

Nissan pointed out that no financial data or additional customer records were affected. Red Hat informed Nissan of the breach on October 3, about a week after the incident.

“Nissan received a report from Red Hat on October 3, 2025, and immediately reported the incident to the Personal Information Protection Commission. Nissan is also directly contacting customers whose personal information may have been leaked,” continues the notification.

There is no evidence that the leaked data has been misused so far, but customers are urged to stay alert for suspicious calls or mail.

“Nissan takes this incident very seriously and will strengthen its monitoring of its subcontractors and take further steps to strengthen information security,” concludes the notification. “We would like to once again offer our deepest apologies to our customers for any inconvenience caused.”
