WK Kellogg Co. has fallen victim to a significant data breach, exposing sensitive personal information of several individuals. The breach occurred on December 7, 2024, but it was not discovered until nearly three months later on February 27, 2025. Although the exact scope of the breach is not fully disclosed, it is known that personal identifiers such as names and social security numbers were compromised. Affected individuals have been notified, and identity theft protection services have been offered to help mitigate the impact.
The breach occurred when hackers targeted Kellogg’s file transfer utility, which was hosted by Cleo software.
The attackers exploited two zero-day vulnerabilities in Cleo’s software to gain unauthorized access to servers storing sensitive data. WK Kellogg quickly initiated an investigation upon learning of the incident, working with Cleo to assess and mitigate the security breach. The company has since offered one year of free identity theft protection services to the affected individuals.
Kellogg’s response to the breach includes offering complimentary credit monitoring through Kroll and providing guidance for affected consumers to monitor their financial accounts. The company’s outside counsel reassured the public that steps were being taken to improve cybersecurity measures to prevent future incidents. Experts stress the importance of companies implementing robust cybersecurity frameworks to stay ahead of evolving threats, and Kellogg is now taking measures to repair its reputation and ensure future security.
This data breach is part of a larger trend of attacks targeting high-profile companies, with the Clop ransomware gang being linked to the incident.
WK Kellogg has worked closely with Cleo to understand the breach’s impact and address vulnerabilities in the system. As the investigation continues, affected individuals are urged to remain vigilant and take advantage of the protection services offered.
Reference:
