WK Kellogg, the parent company of Kellogg's, has been the victim of a cyberattack that compromised personal data of employees and suppliers. The security breach occurred in December 2024, but it was not detected until February 2025, allowing the attackers to access the information for nearly three months without being discovered. Among the data exposed are names and social security numbers.
The incident is linked to a cyberattack campaign carried out by the Clop ransomware group, which exploited zero-day vulnerabilities in Cleo file transfer software. These vulnerabilities, identified as CVE-2024-50623 and CVE-2024-55956, allowed attackers to infiltrate servers and steal sensitive information.
After discovering the breach, WK Kellogg notified authorities and affected individuals and began an investigation to mitigate the impact of the attack. The company joins a growing list of organizations that have been targeted by similar attacks, including Western Alliance Bank, which recently reported a breach that affected approximately 22,000 clients.
This incident underscores the growing threat that cyberattacks pose to businesses, especially those that handle large volumes of sensitive data. The exploitation of vulnerabilities in widely used software, such as Cleo, highlights the need to strengthen security measures and maintain constant vigilance to protect critical information.
Source: Digital Shield
Photo by Pixel Senses