Logitech Hit by Data Security Breach Linked to Oracle E-Business Vulnerability

Logitech, the major hardware accessories company, has reported a significant data security incident after the Clop ransomware group added the firm to its data leak site, alleging it breached Logitech’s Oracle E-Business Suite system.

 

In a filing with the U.S. Securities and Exchange Commission (SEC), Logitech said that it had recently identified a cyber security incident in which threat actors accessed and stole confidential company information. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. 

 

“While the investigation is ongoing, at this time, Logitech believes that the unauthorised third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system. 

 

“The zero-day vulnerability was patched by Logitech following its release by the software platform vendor,” Logitech said.

 

The compromised data included confidential information on employees and consumers, along with details about customers and suppliers. According to Logitech, the compromised system did not store sensitive personal data such as national ID numbers or credit card details.

 

The company added that the incident had no effect on Logitech’s products, business operations, or manufacturing activities.

 

Although the company did not identify the software vendor involved, the breach was likely linked to an Oracle zero-day vulnerability that the Clop extortion gang exploited in a series of data-theft attacks in July.

 

“As of the date of this filing, Logitech believes that the incident will not have a material adverse effect on its financial condition or results of operations. Logitech maintains a comprehensive cybersecurity insurance policy, which we expect will, subject to policy limits and deductibles, cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any,” the company added.

 

 

Around November 15, the Clop ransomware group—known for exploiting a vulnerability in Oracle E-Business Suite—listed Logitech as a victim on its data leak site. The group claimed to have obtained 1.8 TB of confidential company data and threatened to release it publicly unless a ransom is paid.