- Logitech confirms data breach via SEC filing, citing zero-day in third-party software as entry point
- Cl0p ransomware gang claims responsibility, claiming the theft of 1.8TB of company data
- Stolen data may include limited information about employees, consumers and suppliers; investigation is ongoing
Logitech was recently hit by a data breach in which hackers got hold of sensitive company data, but it is still unknown how many people are affected and what type of data was taken.
Logitech filed a new Form 8-K with the US Securities and Exchange Commission (SEC) to notify the agency about the attack, noting that the anonymous criminals used a zero-day vulnerability in one of the third-party software it was using to break in.
“Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system,” the form reads.
Cl0p strikes again
“The zero-day vulnerability was patched by Logitech after its release by the software platform vendor,” he added, seeking to minimize his responsibility for the attack, saying he did the responsible thing and patched the software as soon as the fix was available.
The form does not explain why the criminals were able to extract the files, especially without being discovered.
Logitech then explained that the investigation is still ongoing, but added that the stolen data “likely included limited information about employees and consumers and data related to customers and suppliers.”
Sensitive personal information, such as national identification numbers or credit card information, most likely was not stolen, as it was not stored on the compromised IT system.
Logitech reportedly only confirmed the breach after its name appeared on the Cl0p data breach site. Cl0p is an infamous ransomware actor who discovered a zero-day vulnerability in Oracle’s E-Business Suite and used it to attack hundreds of companies and extract terabytes of data.
The group now says it obtained almost 1.8TB of data from Logitech, but we don’t know how much money it asked for in return.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
