Cleo Communications, Inc. (“Cleo”) and WK Kellogg Co. (“Kellogg”) Data Breach Investigation

According to a report filed with a governmental entity, Kellogg uses a file transfer service (“FTS”) produced by Cleo to electronically transfer employee files to its human resource service vendors. Allegedly, a vulnerability in the “FTS” resulted in a December 7, 2024 breach by a cybercriminal group known as Clop, and Clop gained access to Kellogg’s data. Though Kellogg was made aware of the breach on or about February 27, 2025, the Kellogg notification was not filed with the governmental entity until April 4, 2025. The breach compromised individuals’ personal information including names and Social Security numbers. Kellogg is not the only Cleo customer affected by the breach. Clop announced at least 66 companies had data hacked due to the FTS vulnerability. If you or someone you know receives a notification letter about a data breach involving the Cleo file transfer server and would like additional information about your legal rights, you can contact Goldenberg Schneider, LPA by calling 513-982-1569, sending an email to [email protected] or completing the “Contact Us” form to the right.