Logitech disclosed a knowledge breach shortly after it was named as a sufferer of the current hacking and extortion marketing campaign focusing on clients of Oracle’s E-Enterprise Suite (EBS) enterprise useful resource planning answer.
In a Friday submitting with the SEC, the buyer electronics big stated it lately skilled a cybersecurity incident that concerned information exfiltration.
“Whereas the investigation is ongoing, right now, Logitech believes that the unauthorized third get together used a zero-day vulnerability in a third-party software program platform and copied sure information from the interior IT system,” Logitech stated.
“The information doubtless included restricted details about staff and customers and information referring to clients and suppliers. Logitech doesn’t imagine any delicate private info, akin to nationwide ID numbers or bank card info, was housed within the impacted IT system,” it added.
The corporate famous that merchandise, enterprise operations, or manufacturing weren’t impacted, and it doesn’t imagine the incident can have a fabric influence on its monetary situation or outcomes of operations.
“Logitech maintains a complete cybersecurity insurance coverage coverage, which we count on will, topic to coverage limits and deductibles, cowl prices related to incident response and forensic investigations, in addition to enterprise interruptions, authorized actions and regulatory fines, if any,” the corporate stated.
Whereas Logitech has not named the third-party platform focused within the zero-day assault, the disclosure comes after the corporate was named on the Cl0p ransomware leak web site as a sufferer of the Oracle EBS marketing campaign.
Logitech was listed on the Cl0p website in early November. After repeated requests for remark from SecurityWeek, the corporate responded on November 10 to say that it’s not commenting on the matter. Commercial. Scroll to proceed studying.
The cybercriminals have leaked 1.8 TB price of archive recordsdata allegedly storing info stolen from Logitech.
Over 50 victims have been named so far on the Cl0p web site, together with main corporations. Some organizations, akin to The Washington Publish, Hitachi subsidiary GlobalLogic, Harvard College, and American Airways subsidiary Envoy Air, have confirmed being impacted.
It’s nonetheless not clear which Oracle EBS zero-days have been exploited within the marketing campaign claimed by Cl0p, however the primary candidates are CVE-2025-61884 and CVE-2025-618842.
Whereas Cl0p has been the public-facing entity, the cybersecurity neighborhood has linked the marketing campaign to an unknown cluster of the menace actor tracked as FIN11, which was additionally liable for comparable operations focusing on clients of Cleo, MOVEit, and Fortra file switch merchandise.
Associated: NHS Investigating Oracle EBS Hack Claims as Hackers Title Over 40 Alleged Victims
Associated: Industrial Giants Schneider Electrical and Emerson Named as Victims of Oracle Hack
Associated: Refined Malware Deployed in Oracle EBS Zero-Day Assaults
