WK Kellogg Reports Data Breach Tied to Clop Ransomware Exploiting Cleo Vulnerabilities

Monday, December 1, 2025

Top 5 Cybersecurity Stories You Should Know

1. WK Kellogg Reports Data Breach Tied to Clop Ransomware Exploiting Cleo Vulnerabilities — tl;dr: WK Kellogg Co has disclosed a data breach resulting from a Clop ransomware attack that exploited two zero-day vulnerabilities in Cleo software, identified as CVE-2024-50623 and CVE-2024-55956. The breach, which occurred on December 7, 2024, involved unauthorized access to servers hosting employee files. Affected individuals may have had their names and social security numbers compromised. The company is offering a year of free identity monitoring services through Kroll and advises those impacted to consider placing fraud alerts or security freezes on their credit files.
   ↪ https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/

2. Capita Data Breach 2025: £14M ICO Fine Highlights Cybersecurity Gaps — tl;dr: In October 2025, Capita plc faced a £14 million fine from the ICO after a data breach exposed personal information of over six million individuals. The incident revealed significant vulnerabilities in Capita's incident response and data protection measures, allowing attackers to exfiltrate nearly one terabyte of sensitive data. Organizations are urged to strengthen their cybersecurity frameworks, enhance incident management protocols, and ensure compliance with GDPR regulations. Implementing robust risk assessments, access controls, and comprehensive cyber insurance can help mitigate the risks associated with data breaches and protect both clients and stakeholders.
   ↪ https://www.coxmahon.com/news/lessons-from-the-capita-data-breach/

3. Coupang Threatened with Data Exposure Unless Security Improved, Police Investigate — tl;dr: Coupang, facing scrutiny after a significant data breach affecting approximately 33.7 million user accounts, received an email threatening to expose user data unless the company enhanced its security measures. The Seoul Metropolitan Police Agency is investigating the sender, who claimed to possess personal information of Coupang users. While the email did not include any monetary demands, the police are looking into potential links to a former employee. Users are advised to monitor their accounts for suspicious activity and consider changing passwords to mitigate risks of identity theft.
   ↪ https://koreajoongangdaily.joins.com/news/2025-12-01/national/socialAffairs/Coupang-received-email-with-threat-to-expose-user-data-unless-security-improved-Police/2466677

4. Coupang Data Breach Affects 33.7 Million Accounts, Investigation Underway — tl;dr: Coupang, a leading South Korean e-commerce platform, has reported a significant data breach affecting approximately 33.7 million customer accounts. The breach, attributed to a former employee of Chinese nationality, involved unauthorized access to personal information, including names, emails, and addresses, though payment details were not compromised. The incident, which went undetected for nearly five months, has prompted a police investigation and government response to prevent further exploitation, such as phishing attacks. Affected users are advised to monitor their accounts closely and remain vigilant against potential scams.
   ↪ https://www.businesskorea.co.kr/news/articleView.html?idxno=257668

5. McMenamins Hospitality Chain Reports Data Breach Following Ransomware Attack — tl;dr: McMenamins, a hospitality chain, has disclosed a data breach resulting from a ransomware attack. The incident has raised concerns about the security of customer data, as personal information may have been compromised. Affected individuals are advised to monitor their accounts for unusual activity and consider changing passwords. The breach underscores the growing threat of ransomware in the hospitality sector, highlighting the need for enhanced cybersecurity measures to protect sensitive information from malicious actors.
   ↪ https://www.itsecuritynews.info/hospitality-chain-mcmenamins-discloses-data-breach-after-ransomware-attack/

Featured LufSec Resource

AI Risk Inspector (Tool) — Scan AI models for risks and export client-ready reports.
Explore →

Connect with LufSec

• YouTube: https://www.youtube.com/@lufsec
• Instagram: https://www.instagram.com/lufsec