Cereal manufacturer WK Kellogg suffered a data breach in Q1 via a third-party vendor.

Cleo, which is responsible for secure file transfers, told Kellogg that an unauthorised actor had gained access to its servers, which Cleo hosted, late last year. This has impacted an unknown number of victims, as the servers were used to transfer employee files to Kellogg’s human resources service vendors.

The breach occurred on December 7th 2024, but was only discovered on February 27th 2025, according to media reports, raising concerns about the security of sensitive employee information.

Affected Servers

According to Cybernews, Cleo gave WK Kellogg the list of files that were on the affected servers – the potential personal information involved includes names and Social Security numbers.

Cl0p, a prolific ransomware gang, have claimed the attack on WK Kellogg and have published data on its leak site.

The attack leveraged two zero-day flaws - tracked as CVE-2024-50623 and CVE-2024-55956 - allowing the threat actors to breach servers and steal data, according to BleepingComputer.

Trust and Connectivity

Commenting, Dray Agha, senior manager of security operations at Huntress, said: “While the number of affected individuals reported so far is low, the fact that this breach stemmed from a third-party vendor highlights a broader issue we’re seeing across the industry: attackers exploiting the trust and connectivity we have with our partners.

“Cleo being implicated in both the WK Kellogg and Sam’s Club incidents demonstrates how threat groups are clearly targeting file transfer platforms as high-leverage entry points.”

Jamie Akhtar, CEO and Co-founder at CyberSmart, said this illustrates the risks posed by supply chain attacks, and that defences are only as strong as the weakest link in your supply chain.

“Businesses (particularly large ones with access to reams of sensitive data) also need to take some responsibility themselves,” he said. “Enforce minimum security standards across your supply chain and regularly check in with suppliers to make sure they’re meeting them. More importantly, don’t work with any business that doesn’t take cybersecurity as seriously as yours.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.