
WK Kellogg confirms data breach linked to Cleo software vulnerability


WK Kellogg Co. was recently hit by a cybersecurity breach that resulted in the exposure of sensitive employee data. The breach, which took place on December 7, 2024, was a result of attackers taking advantage of a vulnerability in the file transfer software used by the company.

WK Kellogg did not discover the breach until February 27, and it reported the incident to the Maine Attorney General’s Office on April 4, 2025. The Michigan-based cereal manufacturer has since taken steps to notify affected individuals by mail. One confirmed case involved an employee in Maine whose name and Social Security number were compromised, but the full extent of the breach is still unknown.

The attackers exploited vulnerabilities in Cleo’s file transfer software, including Harmony, VLTrader, and LexiCom. One vulnerability, known as CVE-2024-50623, allowed for unrestricted uploads and downloads. Despite Cleo releasing a patch in October 2024, security researchers later discovered that the patch was not completely effective in preventing intrusion.

In December, another vulnerability (CVE-2024-55956) was uncovered, enabling unauthenticated users to execute arbitrary commands using bash or PowerShell, providing attackers with a way to deploy malicious code. Cybersecurity experts have attributed the attack to the Clop ransomware group, a notorious threat actor known for targeting organizations that use Cleo products.

Arctic Wolf and Mandiant researchers have linked this breach to a larger campaign by the Clop group, with WK Kellogg being publicly named on the dark web leak site in February. This public exposure put pressure on the company to address the breach and mitigate the risks posed by the stolen data.

Erich Kron, a security awareness advocate at KnowBe4, emphasized the seriousness of zero-day flaws like the ones exploited in this attack. He warned that the stolen HR-related employee files could contain highly sensitive information that could easily lead to identity theft for those affected.

As part of its response to the breach, WK Kellogg has started offering affected individuals one year of free identity theft protection services from Kroll, which includes credit monitoring and fraud support. Kron advised victims of the breach to take precautions such as locking their credit to prevent unauthorized accounts from being opened in their names and to remain vigilant for signs of identity theft.

The breach serves as a reminder of the constant threat posed by cybercriminals and the importance of maintaining robust cybersecurity measures to protect sensitive data. WK Kellogg’s proactive response to the incident demonstrates the company’s commitment to addressing the breach and safeguarding the privacy of its employees.
