Food giant WK Kellogg discloses data breach linked to Clop ransomware

US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. Cleo software is a managed file transfer utility that was targeted by the Clop ransomware gang en masse at the end of last year. This attack leveraged two zero-day flaws tracked as CVE-2024-50623 and CVE-2024-55956, allowing the threat actors to breach servers and steal data. "WK Kellogg learned on February 27, 2025, that a security incident may have occurred involving Cleo," reads the notice. "WK Kellogg immediately began to investigate. We contacted Cleo, and Cleo informed us that an unauthorized person gained access on December 7, 2024, to the servers Cleo hosted for us that were used for transferring employee files to our human resources service vendors." WK Kellogg Co is an American food manufacturing giant split from Kellogg's in October 2023. It has an annual revenue of $2.7 billion and owns popular cereal brands such as All-Bran, Corn Flakes, Fr ... Read full article.