HQ/EMEAFind out how we can help your business
Sam’s Club is investigating claims of a Clop ransomware breach after the cybercrime group listed the company on its dark web leak site. The American warehouse retailer, a subsidiary of Walmart, has not yet confirmed any security incident but has acknowledged awareness of the reports and is actively looking into the matter.
Sam’s Club operates over 600 warehouse clubs in the United States and Puerto Rico, with almost 200 more in Mexico and China. It employs more than 2.3 million people and reported $84.3 billion in revenue for the fiscal year ending January 2023. Given its vast operations and customer base, any potential data breach raises concerns about information security.
A spokesperson for the company stated that protecting the privacy and security of its members is a top priority. While no further details were provided, the Clop ransomware gang has accused the retailer of neglecting customer security. However, the group has yet to release any proof of the alleged breach, leaving the situation uncertain.
The Clop ransomware gang has been actively targeting organisations worldwide, exploiting vulnerabilities to steal data.
In January, the group launched a series of extortion attempts against victims affected by a major security flaw in the Cleo secure file transfer software (CVE-2024-50623). While the exact number of impacted companies is unknown, Cleo claims over 4,000 organisations use its products. Among the victims, Western Alliance Bank confirmed last week that Clop stole customer data in October by exploiting a vulnerability in third-party software.
This incident is not the first security issue linked to Sam’s Club.
In October 2020, the company reset passwords for affected customers after a credential-stuffing attack in which cybercriminals used previously stolen login details to access accounts. At the time, Sam’s Club clarified that its systems were not breached, attributing the incident to stolen credentials from phishing attacks and data leaks at other companies.
With no concrete evidence yet from the Clop ransomware group, it remains unclear whether Sam’s Club has suffered a data breach. However, the company’s response suggests it is taking the claims seriously. Customers and members are advised to remain vigilant, update passwords regularly, and monitor for any suspicious activity while the investigation continues.
