Kellogg discloses data breach, but it's not super cereal


WK Kellogg, the North American cereal giant, has suffered a data breach impacting an unknown number of victims.

Earlier this year, WK Kellogg became aware of an incident affecting the third-party vendor Cleo, which is responsible for secure file transfers.

Cleo told the cereal giant that, late last year, an unauthorized actor had gained access to its servers, which Cleo hosted.

These servers were used to transfer employee files to WK Kellogg’s human resources service vendors.

Cleo then gave WK Kellogg the list of files that were on the affected servers – the potential personal information involved includes names and Social Security numbers.

However, the breach notification to the Office of the Maine Attorney General states that only one Maine resident was involved.

Another breach notification submitted to the New Hampshire Attorney General's office said that three people were affected by the breach, yet the total number of affected individuals remains unclear.

When checking Cybernews' Ransomlooker tool, we discovered that Cl0p, a prolific ransomware gang, was responsible for the attack on WK Kellogg.

Screenshot from Cl0p leak site

Cybernews has reached out to WK Kellogg for comment.

WK Kellogg is offering one year of credit monitoring and identity theft protection services to those affected by the breach in Maine and New Hampshire.

Cl0p and Cleo

A similar incident happened to Walmart’s Sam’s Club, which was attacked by the ransomware gang Cl0p as the group exploited vulnerabilities in Cleo file-sharing software.

The hackers leveraged critical zero-day vulnerabilities affecting Cleo software products, which are widely used for secure file transfer and business integration processes.

The ransomware gang also claimed to have published a slew of files belonging to the US-based cloud storage company Rackspace Technology.

The Rackspace leak was first revealed in late February, sitting above an alphabetical list of roughly 170 other victim companies, all purportedly part of a Cl0p hacking spree that exploited two zero-day vulnerabilities in Cleo's file transfer software programs, including Cleo Harmony, Cleo VLTrader, and Cleo LexiCom.

The ransomware group began leaking scores of victims from the Cleo hacks just days before the New Year. Since then, dozens of those companies have been listed as published on the Cl0p site.

Other Cleo hack victims claimed on the Cl0p site include major companies and organizations, such as Western Alliance Bank. According to the US office of the Maine Attorney General, the US-based bank only notified the 22,000 customers affected by the leak on March 14th.
