WK Kellogg Co. Confirms Data Breach Following Ransomware Attack

WK Kellogg Co. recently experienced a significant data breach involving Cleo, a technology vendor providing secure file transfer services. On February 27, 2025, WK Kellogg Co. learned that unauthorized access occurred on December 7, 2024, when an attacker gained entry into servers hosted by Cleo. These servers were specifically used by WK Kellogg Co. to transfer employee files to their human resources service vendors.

The breach was claimed by the ransomware group known as CL0P, who publicly posted about the incident on February 25, 2025, on the dark web network Tor. CL0P is a known cybercriminal group specializing in ransomware attacks, often targeting organizations by exploiting vulnerabilities in third-party software and services.

The compromised servers contained sensitive employee information, including personally identifiable information (PII).

Although the exact types of PII exposed have not yet been publicly disclosed, such breaches typically involve names, addresses, Social Security numbers, dates of birth, and employment-related data.

In the state of New Hampshire, WK Kellogg Co. reported that three individuals were affected. While this number is relatively small, the total number of affected individuals nationwide has not yet been publicly confirmed.

WK Kellogg Co. disclosed the breach officially to the New Hampshire Attorney General's office on April 4, 2025.

WK Kellogg Co.'s Response

After discovering the breach, WK Kellogg Co. initiated an investigation and contacted Cleo to understand the scope and impact. The company received a detailed list of files present on the compromised servers at the time of unauthorized access and began reviewing these files to identify potentially affected individuals.

WK Kellogg Co. requires its vendors, including Cleo, to implement appropriate security measures. Following the incident, WK Kellogg Co. has worked closely with Cleo to address the vulnerabilities exploited by the attackers and to enhance security protocols to prevent future incidents.

To support affected individuals, WK Kellogg Co. is offering complimentary identity monitoring services through Kroll, a global leader in risk mitigation and response. These services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration. Affected individuals can activate their identity monitoring services by visiting Kroll's identity monitoring website. Activation must be completed by the date specified in the notification letter sent to each affected individual.

Additionally, WK Kellogg Co. recommends that all potentially affected individuals remain vigilant by regularly reviewing their account statements and credit reports for unauthorized activity. Free annual credit reports can be obtained from AnnualCreditReport.com.

The full disclosure document is available through the New Hampshire Attorney General's and Maine AG's websites.