Executive Summary
- Logitech has confirmed a data breach resulting from the exploitation of a zero-day vulnerability in a third-party software system.
- The Cl0p ransomware group has claimed responsibility, alleging the theft of approximately 1.8 terabytes of data.
- The breach is linked to vulnerabilities in Oracle’s E-Business Suite, which Cl0p has used to target other high-profile organizations.
- Logitech stated that sensitive personal information, such as Social Security numbers and credit card data, is not believed to be impacted.
Hardware and software company Logitech has officially confirmed it sustained a cybersecurity incident resulting in the exfiltration of corporate data. The confirmation, made in a regulatory filing, follows a claim of responsibility by the Cl0p ransomware group, which has been linked to recent exploits of a zero-day vulnerability in Oracle’s E-Business Suite.
SEC Filing Details Breach
In an 8-K filing with the U.S. Securities and Exchange Commission, Logitech stated that an unauthorized third party exploited a flaw in a third-party software platform to access and copy data from its internal IT systems. The company has initiated an investigation with the help of external cybersecurity experts to ascertain the full scope of the breach.
According to Logitech, the compromised data likely includes limited information concerning employees, consumers, customers, and suppliers. However, the company does not believe sensitive personal information, such as Social Security numbers or credit card details, was exposed, as that data was stored on a separate, unaffected system. The third-party vendor has reportedly patched the vulnerability.
Cl0p Ransomware Group Takes Credit
The Russian-speaking cybercrime organization Cl0p has claimed responsibility for the attack, listing Logitech on its dark web data leak site. The group alleges it stole approximately 1.8 terabytes of data and attempted to extort the company. Adrian Culley of SafeBreach noted that Cl0p’s recent campaigns show a high level of technical sophistication, involving their own vulnerability research.
The same Oracle E-Business Suite vulnerabilities have been used in recent attacks on other major organizations, including an American Airlines subsidiary, Harvard University, and The Washington Post. Logitech stated it does not anticipate a material impact on its operations or financial position and expects its cybersecurity insurance to cover associated costs.
