HQ/EMEAFind out how we can help your business
One of the major US food corporations, WK Kellogg, has notified its employees and vendors that its business data was stolen in a data breach. The notification also revealed that the attack was part of last year’s Cleo data theft campaigns.
Clop ransomware was the primary threat actor that targeted Cleo software last year. The software is a controlled file transfer program that the group widely exploited toward the end of last year.
This operation exploited two zero-day bugs, CVE-2024-50623 and CVE-2024-55956, allowing threat actors to enter servers and steal data.
WK Kellogg identified the Cleo exploit in its system last February.
According to the notification letter, WK Kellogg became aware of the Cleo compromise on February 27, 2025.
The corporation insisted that it immediately initiate an investigation and inform relevant parties. It also stated that it reached out to Cleo and told them that an unauthorised person acquired access to its servers, which they utilised to send employee files to its human resources service suppliers.
Although the corporation does not expressly identify Clop or the data theft attacks, the recorded occurrences correspond to the wave of attacks in December 2024.
Furthermore, the breach warnings come just after Clop added WK Kellogg to its data leak extortion website. The data breach notification letter to the authorities explained that the exposed data included a person’s name and social security number.
The message includes details on how recipients can sign up for free one-year identity monitoring and fraud protection services. Individuals impacted may also consider setting fraud warnings or freezing their credit files.
Kellogg claims it collaborated closely with Cleo to identify the security methods it deployed to resolve last year’s hack and prevent similar problems in the future. Kellogg is the latest organisation to suffer the Clop Cleo zero-day attacks.
As of now, the Clop threat group is still gradually revealing other victims and stolen data samples despite the campaign having concluded almost a year ago.
