Walmart Owned Sam’s Club Investigates Clop’s Ransomware Claim

• Clop added the retail store giant Sam’s Club to their victim list on the dark web portal
• The Walmart-owned store confirmed investigating a potential security incident without disclosing any other details
• This is the second security incident after the credential stuffing attack the company suffered in 2020

The retail store Sam’s Club owned by Walmart has reportedly been breached by the Clop ransomware group. The Clop ransomware group which has been extorting several of its victims after exploiting the Cleo zero-day vulnerability, has named the membership warehouse club to its victim list.

Cybersecurity researcher Dominic Alvieri posted about the ransomware claim on X saying, “Sam’s Club is about to be leaked” suggesting that no data has been released so far. This also points toward the company being sent a ransom note or a deadline for payment failing which all the exfiltrated data may be released on Clop’s Data Leak Site (DLS).

Bleeping Computer shared the above screenshot from Clop’s dark web portal which mentioned the company details like where it is headquartered and its revenue. The post concluded with the common warning/ rant that read, “The company doesn’t care about its customers. It ignored their security.”

Responding to a media inquiry, the company said, “We are aware of reports regarding a potential security incident and are actively investigating the matter.”

This is not the first time Sam’s Club has been targeted by threat actors. The company’s customers suffered credential-stuffing attacks in 2020 which led to account takeovers. Threat actors were reportedly using stolen login details to gain unauthorized access to user accounts. 

Most attempts were foiled as the company promptly notified customers about the threat. The company also proactively changed account passwords to protect the customers’ data.