Logitech confirms data breach caused by the breach of Oracle E-Business Suite by Clop ransomware gang

Swiss technology company Logitech International S.A. is reporting a data breach after the Clop extortion gang claimed responsibility for stealing nearly 1.8 terabytes of data from the company.

The cause of the breach was caused by a zero-day vulnerability in Oracle E-Business Suite exploited by the Clop extortion gang, tracked as CVE-2025-61882 (CVSS score 9.8). Successful exploitation enables attackers to achieve remote code execution on vulnerable Oracle EBS servers.

The Clop extortion gang added Logitech to its dark web data leak site in early November 2025, claiming to have stolen approximately 1.8 terabytes of data from the electronics manufacturer. The threat actors posted screenshots and file listings allegedly containing internal business operations documents, financial records, and corporate files as proof of the breach. 

Logitech claims in its SEC disclosure that the company does not believe hackers gained access to highly sensitive information such as national identification numbers or credit card information, as that data was not stored in the breached systems.

The number of affected individuals is not disclosed.

Logitech is one of approximately 30 organizations that have been publicly identified as victims of the Clop gang's Oracle E-Business Suite zero-day exploitation campaign. Other high-profile victims include Harvard University, The Washington Post, Envoy Air (an American Airlines subsidiary), GlobalLogic (which reported 10,000 affected employees), Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland. Security researchers estimate that dozens of additional organizations were likely compromised in the campaign but have not yet been publicly disclosed.