Kelloggs Data Breach – Hackers Breached the Servers and Stole Data

WK Kellogg Co., the prominent North American cereal manufacturer, has confirmed a significant data breach affecting its servers hosted by Cleo, a third-party vendor providing secure file transfer services. 

The breach occurred on December 7, 2024, but was only discovered on February 27, 2025, raising concerns about the security of sensitive employee information.

The breach was orchestrated by the notorious ransomware group CL0P, which exploited vulnerabilities in Cleo’s file-sharing software. 

WK Kellogg Co. Data Breach

WK Kellogg Co. used these servers to transfer employee files to human resources service vendors. Sensitive data stored on these servers included personally identifiable information (PII) such as names and Social Security numbers.

CL0P is known for targeting organizations through third-party software vulnerabilities and extorting victims by leaking stolen data on the dark web.

The group publicly posted about the incident on February 25, 2025, further amplifying the urgency for WK Kellogg Co. to address the breach.

While the total number of affected individuals remains unclear, state filings show that WK Kellogg Co. has reported only one Maine resident and three New Hampshire residents as impacted.

However, given the nature of the breach and the type of data exposed, it is likely that more individuals across the United States may be affected.

On April 4, 2025, WK Kellogg Co. officially filed a data breach notice with state authorities and began notifying affected individuals through written communication. 

The company is offering one year of complimentary identity theft protection services through Kroll, including credit monitoring and fraud consultation.

WK Kellogg Co. has also worked closely with Cleo to investigate the incident and address vulnerabilities exploited during the attack. Enhanced security protocols are being implemented to prevent future breaches.

The breach highlights critical cybersecurity challenges associated with third-party vendors:

  • Exploitation of Zero-Day Vulnerabilities: CL0P leveraged unpatched vulnerabilities in Cleo’s software to gain unauthorized access to sensitive data.
  • Data Exfiltration: Hackers covertly transferred employee files containing PII from Cleo’s servers.
  • Ransomware Tactics: CL0P’s modus operandi involves extorting organizations by threatening to leak stolen data unless a ransom is paid.

Such incidents underscore the importance of robust vendor management practices, including regular penetration testing, patch management, and multi-factor authentication (MFA) to secure sensitive systems.

Affected Individuals

WK Kellogg Co. advises all potentially impacted individuals to:

  • Monitor their credit reports for unauthorized activity.
  • Activate identity theft protection services offered by Kroll.
  • Remain vigilant against phishing attacks or fraudulent communications attempting to exploit leaked personal information.

As ransomware groups like CL0P continue their campaigns against major organizations, businesses must prioritize cybersecurity measures not only within their own networks but also across their vendor relationships.

WK Kellogg Co., headquartered in Battle Creek, Michigan, employs approximately 3,280 people and generates annual revenues of $2.71 billion. 

The post Kelloggs Data Breach – Hackers Breached the Servers and Stolen Data appeared first on Cyber Security News.