Logitech discloses data breach after Clop claims
Technology manufacturer Logitech filed documents with the Securities and Exchange Commission (SEC) on Friday about a recent cybersecurity incident that involved a zero-day vulnerability.
The company told the SEC that an investigation revealed that hackers exploited a bug “in a third-party software platform and copied certain data from the internal IT system.”
“The zero-day vulnerability was patched by Logitech following its release by the software platform vendor. The data likely included limited information about employees and consumers and data relating to customers and suppliers,” the company said, adding that the attack did not impact its products, business operations or manufacturing.
“Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system.”
The attack will not have an impact on the company’s finances, and Logitech plans to cover any costs with cyber insurance, the company noted.
The filing comes one week after the Clop cybercriminal organization claimed it stole information from Logitech through a zero-day vulnerability in Oracle’s E-Business Suite tool.
A spokesperson for Logitech declined to confirm whether the incident involved Clop or the zero-day impacting Oracle’s E-Business Suite.
Reports from Google and other security firms indicate the hackers used a variety of vulnerabilities in Oracle E-Business Suite to gain access to sensitive data, including at least one zero-day vulnerability that was added to a federal watchlist in September.
The Clop cybercriminal group initially attempted to extort corporate executives in October by threatening to leak sensitive information stolen through the application. Oracle confirmed the campaign but initially said the hackers were exploiting bugs that had been addressed in a July update, without specifying which vulnerabilities were being used.
FBI Assistant Director Brett Leatherman said that one of the bugs exploited in the campaign is a “‘stop-what-you’re-doing and patch immediately’ vulnerability.”
Since then, several organizations have come forward to confirm data theft incidents, including regional American airline Envoy Air and Harvard University. The Washington Post told regulators last week that nearly 10,000 people had information stolen as part of the breach.
Since announcing that it was behind the exploitation of the zero-day affecting Oracle E-Business Suite customers, Clop has listed dozens of victims on its leak site.
The Russia-based extortion group has earned hundreds of millions of dollars by exploiting unreported vulnerabilities in popular file transfer tools from Cleo, MOVEit, GoAnywhere and Accellion.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.



