{Hardware} accent big Logitech has confirmed it suffered a knowledge breach in a cyberattack claimed by the Clop extortion gang, which performed Oracle E-Enterprise Suite knowledge theft assaults in July.
Logitech Worldwide S.A. is a Swiss multinational electronics firm that sells {hardware} and software program options, together with laptop peripherals, gaming, video collaboration, music, and good dwelling merchandise.
Immediately, Logitech filed a Kind 8-Ok with the U.S. Securities and Trade Fee, confirming that knowledge was stolen in a breach.
“Logitech Worldwide S.A. (“Logitech”) not too long ago skilled a cybersecurity incident regarding the exfiltration of knowledge. The cybersecurity incident has not impacted Logitech’s merchandise, enterprise operations or manufacturing,” disclosed Logitech.
“Upon detecting the incident, Logitech promptly took steps to research and reply to the incident with the help of main exterior cybersecurity companies.”
Logitech says the information probably contains restricted details about staff and shoppers, in addition to knowledge regarding clients and suppliers, however the firm doesn’t consider hackers gained entry to delicate info equivalent to nationwide ID numbers or bank card info, as that knowledge was not saved within the breached methods.
Logitech says that the breach occurred by a third-party zero-day vulnerability that was patched as quickly as a repair was out there.
This assertion comes after the Clop extortion gang added Logitech to its data-leak extortion website final week, leaking virtually 1.8 TB of knowledge allegedly stolen from the corporate.
Whereas the corporate doesn’t identify the software program vendor, the breach was probably brought on by an Oracle zero-day vulnerability exploited by the Clop extortion gang in July data-theft assaults.
Final month, Mandiant and Google started monitoring a new extortion marketing campaign by which quite a few firms acquired emails from the Clop ransomware operation claiming that delicate knowledge had been stolen from their Oracle E-Enterprise Suite methods.
These emails warned that the stolen knowledge could be leaked if a ransom demand was not paid.
Quickly after, Oracle confirmed a brand new E-Enterprise Suite zero-day, tracked as CVE-2025-61882, and issued an emergency replace to repair the flaw.
The Clop extortion gang has a lengthy historical past of exploiting zero-day flaws in huge knowledge theft assaults, together with:
Different organizations impacted by the 2025 Oracle E-Enterprise Suite knowledge theft assaults embrace Harvard, Envoy Air, and The Washington Publish.
BleepingComputer contacted Logitech earlier this month and once more in the present day with questions relating to the breach and can replace the story if we obtain a response.
Whether or not you are cleansing up previous keys or setting guardrails for AI-generated code, this information helps your staff construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
