
Cleo File Transfer Data Breach Investigation | Class Action Lawsuit

The data breach lawyers at The Lyon Firm are investigating numerous data breach incidents reportedly linked to Clop file transfer vulnerabilities, likely exploited by a prominent ransomware group. Several large firms have announced data breaches and have begun sending out data breach notification letters to all impacted businesses and individuals.  

Class action complaints have been filed by some law firms nationwide, and while it is still early in the litigation process, it is prudent to contact an attorney and to protect yourself.  Call to discuss how to take the next steps to minimize the risks of fraud and to discuss possible legal action.

What Happened at Cleo Communications?

A critical flaw in Cleo file-transfer software has been massively exploited by threat actors, resulting in several reported data breaches at large firms like Kellogg and Hertz.

The vulnerability, which Cleo patched in December, was also believed to be a previously patched flaw that allegedly allowed unrestricted file uploads and downloads, including dangerous file types. Cleo issued a patch in October 2024, but security researchers later discovered it failed to protect against intrusion. Sensitive employee and client data at several companies has now been exposed in a slew of Cleo file transfer data breaches after attackers exploited their transfer software.

WK Kellogg, Hertz and others that were breached last year only recently disclosed the incident and have begun notifying affected individuals by mail.

Cybersecurity firms now have good reason to believe the infamous Clop ransomware group is responsible for the cyberattacks on several firms. The attackers originally exploited known vulnerabilities in Cleo’s Harmony, VLTrader and LexiCom file transfer software. In December, a second flaw was discovered.

Researchers at Huntress, the large cybersecurity platform, say that the Clop threat group, aka Cl0p, has claimed responsibility for the initial exploit. This is the same group that exploited a zero-day vulnerability in Progress Software’s MOVEit solution in late May 2023.

A senior manager of security operations at Huntress, which has tracked the Cleo incident for months, has said: “The Hertz data breach underscores the significant risks posed by unpatched zero-day vulnerabilities in widely used third-party platforms like Cleo. This highlights the importance of maintaining robust vulnerability management programs to identify and address security gaps in software promptly, especially those used for sensitive data transfer. The breach also reflects a growing trend of cyber criminals targeting secure file transfer platforms, which are integral to many organizations’ operations. The evolving tactics of ransomware groups, shifting focus from encryption to data theft and extortion, signal the need for comprehensive cyber security strategies, including encryption of sensitive data at rest and in transit, and heightened monitoring of external connections.”