WK Kellogg, a major cereal brand in North America, has fallen victim to a data breach linked to a third-party vendor.
The breach, which came to light earlier this year, involves Cleo—a company responsible for handling secure file transfers on behalf of WK Kellogg.
Cleo informed WK Kellogg that an unauthorized individual had accessed its servers late last year. These compromised servers were specifically used for transferring employee files to the cereal giant’s human resources service providers. Upon investigation, Cleo provided WK Kellogg with a list of files that had been stored on the affected servers. The potentially compromised data includes sensitive personal information, such as names and Social Security numbers.
While the full scale of the breach is still unknown, official notifications offer limited insight. A disclosure filed with the Office of the Maine Attorney General states that only one resident of the state was affected. Meanwhile, a similar notice sent to New Hampshire’s Attorney General's office reported that three individuals were impacted. Despite the small numbers reported in those states, the total number of victims nationwide has not been disclosed.
To support those affected in Maine and New Hampshire, WK Kellogg is offering one year of complimentary credit monitoring and identity theft protection services.
This breach comes amid a broader wave of attacks exploiting Cleo’s software. The ransomware group Cl0p previously targeted companies using Cleo’s file-sharing tools, including major retailers like Walmart’s Sam’s Club. These hackers exploited zero-day vulnerabilities in Cleo’s systems, initiating widespread data leaks just before the start of the new year.
Dozens of companies have since been listed on Cl0p’s leak site, including financial institutions such as Western Alliance Bank. In one instance, the bank notified 22,000 customers about their compromised data only in mid-March, according to the Office of the Maine Attorney General. The incident highlights the growing risks posed by vulnerabilities in third-party software used across industries.
Found this article interesting? Follow us on X(Twitter) and FaceBook to read more exclusive content we post.
