
In a recent disclosure, WK Kellogg Co., the iconic American food manufacturer, has confirmed that company data was compromised as part of the widespread Cleo data theft attacks orchestrated by the Clop ransomware gang in late 2024. The breach was reportedly facilitated through vulnerabilities in Cleo’s managed file transfer software, used by numerous enterprises to securely transmit sensitive files.
WK Kellogg Co. stated that it became aware of the potential security incident on February 27, 2025, prompting an immediate investigation. Upon contacting Cleo, the software vendor confirmed that unauthorized access occurred on December 7, 2024, to servers used by the company for transferring employee files to its human resources service providers.
The breach exploited two previously unknown software flaws—now identified as CVE-2024-50623 and CVE-2024-55956—which allowed attackers to penetrate Cleo’s servers and exfiltrate sensitive data. While WK Kellogg did not explicitly attribute the breach to the Clop group, the timeline of the incident aligns with the ransomware gang’s mass exploitation of the Cleo vulnerabilities. Additionally, WK Kellogg was recently listed on Clop’s data leak extortion website, further substantiating the link.
According to the company’s official notification to authorities, the compromised data includes names and Social Security numbers of affected individuals. In response, WK Kellogg is offering free one-year identity monitoring and fraud protection services through Kroll. Impacted individuals are also being encouraged to place fraud alerts or security freezes on their credit files to mitigate the risk of identity theft.
WK Kellogg Co., which spun off from Kellogg’s in October 2023, operates independently with $2.7 billion in annual revenue and manages several iconic cereal brands, including Froot Loops, Frosted Flakes, All-Bran, and Corn Flakes.
The company has stated it is working closely with Cleo to review the incident, understand the scope of the breach, and implement enhanced security measures to prevent future occurrences. WK Kellogg’s acknowledgment follows similar notifications from other organizations impacted by the same vulnerabilities. Most recently, Western Alliance Bank disclosed on March 18 that over 22,000 customers were affected by a Cleo-related breach in October 2024.