"Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system. The zero-day vulnerability was patched by Logitech following its release by the software platform vendor. The data likely included limited information about employees and consumers and data relating to customers and suppliers. Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system."
"Cybercriminals are increasingly going after vendors and backend systems, knowing that a single weak link can expose vast amounts of sensitive data across an entire ecosystem. The theft of nearly 1.8 terabytes of data in this latest attack against Logitech is a clear reminder that the modern supply chain has become one of the most valuable targets for threat actors. When attackers compromise a trusted vendor, they gain a foothold that can be leveraged to reach multiple organizations at once."
Logitech experienced a data breach attributed to the Cl0p ransomware group after an unauthorized actor exploited a zero-day in a third-party software platform and copied internal IT system data. The zero-day was patched after the vendor released it. The exposed data likely included limited information about employees, consumers, customers and suppliers, but did not include sensitive personal identifiers such as national ID numbers or credit card information. The investigation is ongoing and the company expects no material financial or operational impact as of the filing date. The theft of nearly 1.8 terabytes of data underscores supply-chain risk and potential for follow-on attacks.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]