Kellogg Company admits to a data breach of employee information due to a vulnerability in Cleo's file-transfer system.
In a troubling turn of events, food manufacturing giant WK Kellogg Co. has confirmed a data breach related to Cleo's file-transfer software. The hack, which occurred on December 7, 2024, affected at least one employee of the company, according to recent reports.
The attack on Cleo's file-transfer platform exploited a zero-day vulnerability and impacted over 1,000 companies during 2024-2025. The vulnerability allowed unauthenticated users to import or execute arbitrary bash or PowerShell commands, potentially exposing sensitive data during file transfers.
Researchers from Arctic Wolf reported in December that Cleo MFT products were being exploited as part of an effort to deploy Java-based backdoors. This malicious activity was traced to a threat actor group known as FIN11, which overlaps with the Clop ransomware gang. Clop is a notorious group known for deploying Java-based backdoors and has been linked to widespread attacks on file-transfer software, most notably the attacks on MOVEit file-transfer software in 2023.
While specific details linking WK Kellogg Co. to the Cleo hack are not yet available, the breached data included the name and Social Security number of one employee based in Maine. It is not immediately known if the personal data of other employees was also breached.
Just last week, Sam's Club announced it was investigating a potential attack after Clop referenced the company on its leak site. At the time of publication, a spokesperson for WK Kellogg was not immediately available for comment regarding any potential attack.
Cleo released a patch in October 2024 to address the vulnerability, but security researchers found it inadequate in providing full protection from hacking. This raises concerns about the effectiveness of the patch and the potential for further vulnerabilities to be exploited.
As the investigation into the Cleo hack and its impact on various companies continues, it is crucial for organisations to review their security measures and take necessary steps to protect sensitive data. This incident serves as a reminder of the ever-present threat of cyber attacks and the importance of vigilance in maintaining cybersecurity.
- The 2024 cybersecurity incident involving Cleo's file-transfer software stemmed from a zero-day vulnerability and affected over 1,000 companies.
- The vulnerability in Cleo's platform allowed unauthenticated users to import or execute arbitrary bash or PowerShell commands, potentially exposing sensitive data during file transfers.
- Researchers have linked the Cleo hack to the FIN11 threat actor group, which has been known to deploy ransomware like Clop.
- Because similar incidents can involve breaches of personal and sensitive information, it is critical for organizations, particularly in the data and cloud computing and technology sectors, to review their security measures and take necessary steps to protect their assets.