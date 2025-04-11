Call me now—and tell me about your Cleo file system problems.

That advice came a little late for breakfast cereal company WK Kellogg (formerly the Kellogg Company), which reported servers managed by ecosystem integration software firm Cleo were hacked before Christmas, on December 7. The breach was discovered over three months later.

Kellogg revealed the hack in a filing for the state of Maine on April 4. At least one state resident was affected with their name and Social Security number exposed; it was unclear if anyone else’s information was breached and where they might be located. To the affected Maine resident, Kellogg offered identity monitoring through the management firm Kroll.

“Cleo informed WK Kellogg that an unauthorized person gained access on December 7, 2024, to the servers Cleo hosted that were used for transferring employee files to WK Kellogg human resources service vendors,” the notice read.

The cards never lie. It’s not the first time Cleo has been targeted. An October breach of Phoenix, Arizona-based Western Alliance Bank’s Cleo system resulted in the exposure of roughly 22,000 customers. In December, Cleo announced it had patched a vulnerability that was being used by attackers to exploit and infiltrate internal systems connected to the platform. The danger was clear, Tanium Chief Security Advisor Tim Morris told IT Brew at the time.

“These are prime targets, where you have a one-to-many relationship and you can do a little bit of digging and hit a whole lot of gold, versus doing a lot of digging in multiple places and just coming back with a little bit,” Morris said.

That December attack was linked to Clop ransomware, and reporting from Bleeping Computer suggests the same group is responsible for the Kellogg breach, noting that “the date of the reported incidents coincides with the wave of attacks that occurred in December 2024.”