Logitech disclosed a data breach shortly after it was named as a victim of the recent hacking and extortion campaign targeting customers of Oracle’s E-Business Suite (EBS) enterprise resource planning solution.
In a Friday filing with the SEC, the consumer electronics giant said it recently experienced a cybersecurity incident that involved data exfiltration.
“While the investigation is ongoing, at this time, Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system,” Logitech said.
“The data likely included limited information about employees and consumers and data relating to customers and suppliers. Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system,” it added.
The company noted that products, business operations, or manufacturing were not impacted, and it does not believe the incident will have a material impact on its financial condition or results of operations.
“Logitech maintains a comprehensive cybersecurity insurance policy, which we expect will, subject to policy limits and deductibles, cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any,” the company said.
While Logitech has not named the third-party platform targeted in the zero-day attack, the disclosure comes after the company was named on the Cl0p ransomware leak website as a victim of the Oracle EBS campaign.
Logitech was listed on the Cl0p site in early November. After repeated requests for comment from SecurityWeek, the company responded on November 10 to say that it’s not commenting on the matter.
The cybercriminals have leaked 1.8 TB worth of archive files allegedly storing information stolen from Logitech.
Over 50 victims have been named to date on the Cl0p website, including major companies. Some organizations, such as The Washington Post, Hitachi subsidiary GlobalLogic, Harvard University, and American Airlines subsidiary Envoy Air, have confirmed being impacted.
It’s still not clear which Oracle EBS zero-days have been exploited in the campaign claimed by Cl0p, but the main candidates are CVE-2025-61884 and CVE-2025-618842.
While Cl0p has been the public-facing entity, the cybersecurity community has linked the campaign to an unknown cluster of the threat actor tracked as FIN11, which was also responsible for similar operations targeting customers of Cleo, MOVEit, and Fortra file transfer products.
Reference:
