{Hardware} accent big Logitech has confirmed it suffered an information breach in a cyberattack claimed by the Clop extortion gang, which carried out Oracle E-Enterprise Suite information theft assaults in July.
Logitech Worldwide S.A. is a Swiss multinational electronics firm that sells {hardware} and software program options, together with laptop peripherals, gaming, video collaboration, music, and good residence merchandise.
At the moment, Logitech filed a Kind 8-Okay with the U.S. Securities and Trade Fee, confirming that information was stolen in a breach.
“Logitech Worldwide S.A. (“Logitech”) lately skilled a cybersecurity incident regarding the exfiltration of information. The cybersecurity incident has not impacted Logitech’s merchandise, enterprise operations or manufacturing,” disclosed Logitech.
“Upon detecting the incident, Logitech promptly took steps to analyze and reply to the incident with the help of main exterior cybersecurity corporations.”
Logitech says the info doubtless consists of restricted details about workers and customers, in addition to information regarding prospects and suppliers, however the firm doesn’t imagine hackers gained entry to delicate data reminiscent of nationwide ID numbers or bank card data, as that information was not saved within the breached methods.
Logitech says that the breach occurred by means of a third-party zero-day vulnerability that was patched as quickly as a repair was obtainable.
This assertion comes after the Clop extortion gang added Logitech to its data-leak extortion web site final week, leaking nearly 1.8 TB of information allegedly stolen from the corporate.
Whereas the corporate doesn’t identify the software program vendor, the breach was doubtless brought on by an Oracle zero-day vulnerability exploited by the Clop extortion gang in July data-theft assaults.
Final month, Mandiant and Google started monitoring a new extortion marketing campaign wherein quite a few corporations acquired emails from the Clop ransomware operation claiming that delicate information had been stolen from their Oracle E-Enterprise Suite methods.
These emails warned that the stolen information can be leaked if a ransom demand was not paid.
Quickly after, Oracle confirmed a brand new E-Enterprise Suite zero-day, tracked as CVE-2025-61882, and issued an emergency replace to repair the flaw.
The Clop extortion gang has a lengthy historical past of exploiting zero-day flaws in large information theft assaults, together with:
Different organizations impacted by the 2025 Oracle E-Enterprise Suite information theft assaults embody Harvard, Envoy Air, and The Washington Put up.
BleepingComputer contacted Logitech earlier this month and once more right now with questions relating to the breach and can replace the story if we obtain a response.
As MCP (Mannequin Context Protocol) turns into the usual for connecting LLMs to instruments and information, safety groups are transferring quick to maintain these new companies secure.
This free cheat sheet outlines 7 greatest practices you can begin utilizing right now.
