
Kellogg's, the American food manufacturing giant disclosed a security breach to the New Hampshire Attorney General’s office on April 4, 2025. The breach stems from the exploitation of a vulnerability in Cleo, a vendor providing secure file transfer services.
Following this cyber attack, the Clop ransomware group purportedly behind the incidents began extorting all the clients they managed to infiltrate. One among them was Kellogg's which learned of unauthorized access on its systems on occurred on February 27, 2025.
Investigations revealed that Clop gained access to its servers on December 7, 2024. The breached servers were hosted by Cleo and used by WK Kellogg Co. for transferring files to their human resources vendors, a Claim Depot report stated.
Sensitive employee data and personally identifiable information (PII) were stored in the impacted servers and thus exposed to Clop. It is speculated that the type of PII included names, addresses, Social Security numbers, and dates of birth.
The food company got in touch with Cleo to ask for a detailed list of files stored on the exposed servers to identify affected persons. Although the total number of individuals nationwide remains unclear, the report stated that three individuals were impacted.
“CL0P is a known cybercriminal group specializing in ransomware attacks, often targeting organizations by exploiting vulnerabilities in third-party software and services,” the report further added.
The group has been extorting thousands of companies after making its way into their systems through vulnerability exploitation in their file-sharing platforms.
They recently claimed a cyber attack on Sam’s Club following which the company began investigating the incident. A chain of attacks was launched earlier by Clop after exploiting the MOVEit file-sharing platform that exposed several of its clients.