WK Kellogg, the company behind the Kellogg’s cereals, has been hit by a major data breach. Cybercriminals from the ransomware group Clop exploited a vulnerability in the software of an external supplier, stealing employees’ personal data.
The data breach took place in December 2024, when data was stolen from the file transfer service Cleo. At the time, Cleo suffered a wave of attacks from Clop. The ransomware gang used zero days to gain access to Cleo servers.
Then, on February 27, 2025, Kellogg’s discovered that the attacks may have affected it. The cereal manufacturer used third-party Cleo servers to transfer personnel files to HR service providers, and the attack targeted precisely these servers.
The hackers gained unauthorized access to sensitive information such as names and social security numbers. Clop publicly announced the attack on February 25, 2025, via the dark web, which put additional pressure on WK Kellogg to address the incident.
Scope of the leak
The total scope of the data breach is still unclear. However, reports to the authorities indicate that at least four American citizens are officially registered as affected. Given the nature of the breach and the type of data that has been exposed, it is likely that more people in the United States have been affected.
WK Kellogg Co. officially reported the data breach to authorities on April 4, 2025. The company has started informing affected individuals via written communication and is offering them one year of free identity theft protection through Kroll, including credit monitoring and fraud consultation.
File transfer services generally appear to be of interest to cyber criminals who want to cause major damage. Vulnerabilities in MOVEit have also previously caused a wave of data leaks at companies.
Tip: How the MOVEit vulnerability has been making victims since May 2023