Overview of the Incident
WK Kellogg Co, a renowned US food manufacturer, recently revealed to its employees and vendors that sensitive company data was compromised in the high-profile 2024 Cleo data theft incidents orchestrated by the notorious Clop ransomware gang.
Technical Breakdown of the Breach
The breach exploited vulnerabilities in Cleo’s managed file transfer utility, specifically through two zero-day flaws identified as CVE-2024-50623 and CVE-2024-55956. These vulnerabilities allowed unauthorized access to servers hosting critical employee data files.
Immediate Responses and Notifications
After discovering the incident on February 27, 2025, WK Kellogg acted swiftly to investigate it with Cleo and confirmed that the breach occurred on December 7, 2024. That timing aligns with a series of attacks last year, signaling a coordinated effort by the cybercriminal group.
About WK Kellogg Co
Spun off from Kellogg’s in October 2023, WK Kellogg Co boasts annual revenues of $2.7 billion and owns several popular cereal brands including All-Bran, Corn Flakes, and Frosted Flakes, among others.
Response to the Breach
Although the breach was not directly attributed to Clop in initial reports, the timing and the subsequent listing of WK Kellogg on a Clop-operated data leak site strongly suggest the gang's involvement.
The leaked data included sensitive personal information, including names and Social Security numbers. This prompted WK Kellogg to send breach notifications urging recipients to enroll in comprehensive identity monitoring and fraud protection services through Kroll.
Additionally, recommendations were made for impacted persons to place fraud alerts or security freezes on their credit files.
Preventative Measures and Future Safeguards
Collaborating closely with Cleo, WK Kellogg has rigorously worked to enhance security protocols to prevent future incidents, taking lessons from the breach to strengthen their cybersecurity posture.
Industry Impact
This incident places WK Kellogg among a growing list of enterprises affected by the Clop ransomware gang's exploitation of Cleo's software vulnerabilities, highlighting an urgent need for increased cybersecurity vigilance across industries.
Previous Reports and Ongoing Developments
A similar disclosure was made earlier by Western Alliance Bank, which on March 18 informed 22,000 customers that their personal data had been stolen in an October 2024 breach also linked to Cleo's compromised file transfer services.
Last Updated: April 7, 2025