
BleepingComputer reports that major U.S. food manufacturer WK Kellogg has disclosed that its data was compromised in a December attack by the Clop ransomware operation, which exploited a pair of zero-day vulnerabilities in Cleo managed file transfer software. The disclosure came just after the firm was included in the ransomware gang's leak site.
Exploitation of the flaws, tracked as CVE-2024-50623 and CVE-2024-55956, allowed threat actors to infiltrate, on Dec. 7, the Cleo-hosted servers used for moving employee documents to human resources service vendors, according to the company, which only discovered the breach in late February. Aside from advising impacted individuals to obtain complimentary identity monitoring and fraud protection services, as well as to set fraud alerts and credit file freezes, WK Kellogg also moved to adopt additional security measures to prevent a similar breach from occurring. The disclosure comes weeks after Arizona-based Western Alliance Bank reported that data from almost 22,000 customers was exfiltrated due to the breach of its Cleo software in October.