{Hardware} accent large Logitech has confirmed it suffered an information breach in a cyberattack claimed by the Clop extortion gang, which carried out Oracle E-Enterprise Suite information theft assaults in July.
Logitech Worldwide S.A. is a Swiss multinational electronics firm that sells {hardware} and software program options, together with laptop peripherals, gaming, video collaboration, music, and good dwelling merchandise.
Right this moment, Logitech filed a Type 8-Okay with the U.S. Securities and Change Fee, confirming that information was stolen in a breach.
“Logitech Worldwide S.A. (“Logitech”) lately skilled a cybersecurity incident regarding the exfiltration of information. The cybersecurity incident has not impacted Logitech’s merchandise, enterprise operations or manufacturing,” disclosed Logitech.
“Upon detecting the incident, Logitech promptly took steps to research and reply to the incident with the help of main exterior cybersecurity companies.”
Logitech says the information seemingly contains restricted details about staff and shoppers, in addition to information regarding clients and suppliers, however the firm doesn’t imagine hackers gained entry to delicate info reminiscent of nationwide ID numbers or bank card info, as that information was not saved within the breached methods.
Logitech says that the breach occurred by way of a third-party zero-day vulnerability that was patched as quickly as a repair was out there.
This assertion comes after the Clop extortion gang added Logitech to its data-leak extortion web site final week, leaking nearly 1.8 TB of information allegedly stolen from the corporate.
Whereas the corporate doesn’t identify the software program vendor, the breach was seemingly brought on by an Oracle zero-day vulnerability exploited by the Clop extortion gang in July data-theft assaults.
Final month, Mandiant and Google started monitoring a new extortion marketing campaign through which quite a few corporations obtained emails from the Clop ransomware operation claiming that delicate information had been stolen from their Oracle E-Enterprise Suite methods.Â
These emails warned that the stolen information could be leaked if a ransom demand was not paid.
Quickly after, Oracle confirmed a brand new E-Enterprise Suite zero-day, tracked as CVE-2025-61882, and issued an emergency replace to repair the flaw.
The Clop extortion gang has a lengthy historical past of exploiting zero-day flaws in large information theft assaults, together with:
Different organizations impacted by the 2025 Oracle E-Enterprise Suite information theft assaults embrace Harvard, Envoy Air, and The Washington Publish.
BleepingComputer contacted Logitech earlier this month and once more in the present day with questions concerning the breach and can replace the story if we obtain a response.
It is finances season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, determine rising traits, and examine their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable influence.
