WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw
WK Kellogg Co. confirmed that at least one employee was affected in a December hack related to a vulnerability in Cleo file-transfer software, according to a regulatory filing with the Maine Attorney General's office.
The Michigan-based breakfast cereal company said Cleo servers, which were used to transfer employee files, were hacked on Dec. 7. WK Kellogg said it first learned of the hacking incident on Feb. 27.
The breached data included the name and Social Security number of one employee based in Maine. However, it is not immediately known if the personal data of other employees was also breached.
As previously reported, critical flaws in Cleo file-transfer software came under mass exploitation in December.
Cleo originally released a patch in October 2024 to address an unrestricted file upload and download vulnerability, tracked as CVE-2024-50623, in Cleo Harmony, VLTrrader and LexiCom file-transfer products.
However, security researchers found the patch did not offer adequate protection from hacking.
A second vulnerability, tracked as CVE-2024-55956, was discovered in December; it allows unauthenticated users to import or execute arbitrary bash or PowerShell commands.
Researchers from Arctic Wolf said in December that Cleo MFT products were being exploited as part of an effort to deploy Java-based backdoors.
'At the time of publication, the motivations of the threat actors had not been fully elucidated,' a spokesperson for Arctic Wolf said via email. 'Since then, [Clop] has published a message on their leak site claiming responsibility for some of the ransomware threat activity targeting organizations running Cleo products.'
Researchers at Mandiant traced a cluster of malicious activity to a threat actor tracked as FIN11, which overlaps with the Clop ransomware gang. Clop is most widely known as the group linked to the widespread attacks on MOVEit file-transfer software in 2023.
Just last week, Sam's Club said it was investigating a potential attack after Clop referenced the company on its leak site.
A spokesperson for WK Kellogg was not immediately available for comment.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
San Francisco Chronicle
12 minutes ago
- San Francisco Chronicle
Allogene Therapeutics: Q2 Earnings Snapshot
SOUTH SAN FRANCISCO, Calif. (AP) — SOUTH SAN FRANCISCO, Calif. (AP) — Allogene Therapeutics Inc. (ALLO) on Wednesday reported a loss of $50.9 million in its second quarter. The South San Francisco, California-based company said it had a loss of 23 cents per share. The results topped Wall Street expectations. The average estimate of nine analysts surveyed by Zacks Investment Research was for a loss of 28 cents per share. In the final minutes of trading on Wednesday, the company's shares hit $1.05. A year ago, they were trading at $2.35. _____
San Francisco Chronicle
12 minutes ago
- San Francisco Chronicle
Crescent Capital BDC: Q2 Earnings Snapshot
LOS ANGELES (AP) — LOS ANGELES (AP) — Crescent Capital BDC, Inc. (CCAP) on Wednesday reported second-quarter earnings of $15 million. On a per-share basis, the Los Angeles-based company said it had profit of 41 cents. Earnings, adjusted for investment costs, came to 46 cents per share. The results met Wall Street expectations. The average estimate of three analysts surveyed by Zacks Investment Research was also for earnings of 46 cents per share. The company posted revenue of $43 million in the period. _____
San Francisco Chronicle
12 minutes ago
- San Francisco Chronicle
Boston Omaha: Q2 Earnings Snapshot
OMAHA, Neb. (AP) — OMAHA, Neb. (AP) — Boston Omaha Corp. (BOC) on Wednesday reported a loss of $2.3 million in its second quarter. On a per-share basis, the Omaha, Nebraska-based company said it had a loss of 7 cents. The provider of real estate and business consulting services posted revenue of $28.2 million in the period. Boston Omaha shares have fallen 3% since the beginning of the year. In the final minutes of trading on Wednesday, shares hit $13.72, a climb of 2% in the last 12 months. _____
