WK Kellogg Confirms Data Breach Linked to Clop Ransomware Attack

WK Kellogg Co. has confirmed a significant data breach linked to the Clop ransomware group, which exploited vulnerabilities in the Cleo file transfer software used by the company. The breach occurred on December 7, 2024, but was not discovered until February 27, 2025, affecting at least one employee whose personal data, including their name and Social Security number, was compromised. Cleo's software had previously been patched for vulnerabilities, yet new flaws allowed unauthorized access, highlighting ongoing security challenges with file transfer services. Following the incident, WK Kellogg has begun notifying affected individuals and is offering one year of complimentary identity theft protection services. The company also emphasized its collaboration with Cleo to implement stricter security measures to prevent future breaches. This incident is part of a broader trend of ransomware attacks targeting file transfer systems, raising concerns over data security across various organizations.