Who is believed to be responsible for the Kellogg's data breach?

The Clop ransomware group is believed to be responsible for the attack.

What types of personal information were exposed in the Kellogg's breach?

The exposed data likely includes names, addresses, Social Security numbers, and dates of birth.

How many people were affected by the Kellogg's data breach?

The total number of impacted persons is not disclosed, though the report stated that at least three individuals were affected.

What is Cleo's role in the Kellogg's data breach?

Cleo is a vendor that provides secure file transfer services for Kellogg's. The security breach was caused by the exploitation of a vulnerability in Cleo's services.

Incident

Kellogg's reports security breach caused by Cleo vulnerability exploitation

Q: What company reported a security breach involving Cleo services?

Kellogg's, the American food manufacturing giant, is reporting a security breach caused by the exploitation of a vulnerability in Cleo, a vendor that provides secure file transfer services for the company.

Q: When did the unauthorized access to Kellogg's systems occur?

The Clop ransomware group gained unauthorized access to Kellogg's servers on December 7, 2024. The company only discovered this unauthorized access on February 27, 2025, nearly three months after the initial breach occurred.

Q: What servers were affected in the Kellogg's security breach?

The compromised servers were hosted by Cleo and were specifically used by WK Kellogg Co. for transferring files to their human resources vendors.

published: April 6, 2025

Learn More

Kellogg's,, officiall named WK Kellogg Co - the American food manufacturing giant, is reporting a security breach caused by the exploitation of a vulnerability in Cleo, a vendor that provides secure file transfer services for the company.

The Clop ransomware group, believed to be responsible for the attack, gained unauthorized access to Kellogg's servers on December 7, 2024. The company only discovered this unauthorized access on February 27, 2025, nearly three months after the initial breach occurred.

Investigations revealed that the compromised servers were hosted by Cleo and were specifically used by WK Kellogg Co. for transferring files to their human resources vendors. The exposed data likely includes:

Names
Addresses
Social Security numbers
Dates of birth

Kellogg's has contacted Cleo to obtain a detailed list of files stored on the exposed servers to identify all affected individuals. The total number of impacted personsis not disclosed and the report stated that at least three individuals were affected.

Kellogg's reports security breach caused by Cleo vulnerability exploitation

Read More
Sunflower Bank reports MOVEit vulnerability data breach
Bedford County Fire/Rescue impacted by MOVEit related breach
Gryphon Healthcare reports third party breach exposing over …
Japan Foods Holding reports ransomware attack
Corewell Health reports second third party data breach …