WK Kellogg Co., the American food manufacturing giant, has confirmed a data breach linked to the Clop ransomware gang’s December 2024 attacks targeting Cleo file transfer software. The breach, discovered on February 27, 2025, involved unauthorized access to servers used for transferring employee files to HR vendors.
The attackers exploited two zero-day vulnerabilities in Cleo software, CVE-2024-50623 and CVE-2024-55956. This allowed them to breach the servers and steal sensitive data.
A company notice stated, “WK Kellogg learned on February 27, 2025, that a security incident may have occurred involving Cleo.”
The notice further explained that an unauthorized person gained access on December 7, 2024, to the servers.
The compromised data includes employee names and social security numbers. WK Kellogg is providing impacted individuals with one year of free identity monitoring and fraud protection services through Kroll. They are also advised to consider fraud alerts or security freezes on their credit files.
This incident follows a pattern of Clop ransomware attacks targeting Cleo users. The Clop gang listed WK Kellogg on its data leak site before the official notification. The breach is similar to an October 2024 incident affecting Western Alliance Bank, which involved the theft of personal data from 22,000 customers.
WK Kellogg’s disclosure highlights the serious risks associated with vulnerabilities in managed file transfer solutions. The company is working with Cleo to improve security and prevent future breaches. The incident serves as a stark reminder for organizations to prioritize robust cybersecurity measures and regularly patch software vulnerabilities.
