Logitech confirms data breach – but says it isn’t sure exactly what information was lost
- Logitech confirms data breach via SEC filing, citing a zero-day in third-party software as the entry point
- Cl0p ransomware gang claims responsibility, alleging theft of 1.8 TB of company data
- Stolen data may include limited employee, consumer, and supplier info; investigation is ongoing
Logitech was recently hit by a data breach which saw hackers made away with sensitive company data – but how many people are affected, and what kind of data was taken is still unknown.
Logitech filed a new 8-K form with the US Securities and Exchange Commission (SEC) to notify the agency about the hit, noting the unnamed crooks used a zero-day vulnerability in one of the third-party software it was using to break in.
“Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system,” the form reads.
Cl0p strikes again
“The zero-day vulnerability was patched by Logitech following its release by the software platform vendor,” it added, lookinf to minimize its accountability for the attack, saying it did the responsible thing and patched the software as soon as the fix was available.
Why the crooks were able to extract the files, especially without being spotted, wasn’t discussed in the form.
Logitech then explained that the investigation is still ongoing but added that the data stolen, “likely included limited information about employees and consumers and data relating to customers and suppliers.”
Sensitive personal information, such as national ID numbers or credit card information, was most likely not stolen, since it wasn’t stored in the compromised IT system.
Logitech reportedly only confirmed the breach after its name surfaced on Cl0p’s data leak site. Cl0p is an infamous ransomware actor, who discovered a zero-day vulnerability in Oracle’s E-Business Suite and used it to target hundreds of companies and exfiltrate terabytes of data.
The group now says that it pulled almost 1.8 TB of data from Logitech, but we don’t know how much money it asked for in exchange.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Logitech confirms data breach via SEC filing, citing a zero-day in third-party software as the entry point Cl0p ransomware gang claims responsibility, alleging theft of 1.8 TB of company data Stolen data may include limited employee, consumer, and supplier info; investigation is ongoing Logitech was recently hit by a data…
