Electronics firm Logitech has confirmed that it's fallen victim to a cyber attack, warning that customer and employee data has been stolen.
The company said that when the incident was detected it promptly took steps to investigate and respond, calling in external cybersecurity firms for help.
"While the investigation is ongoing, at this time Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system," said the firm.
"The zero-day vulnerability was patched by Logitech following its release by the software platform vendor."
Logitech said the exfiltrated data included 'limited' information about employees and consumers, and data relating to customers and suppliers.
"Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system," it said.
The electronics firm added that the incident has not impacted products, business operations or manufacturing, and it doesn't believe the incident will have a material adverse effect on its financial condition or results of operations.
Similarly, the company noted it maintains a comprehensive cybersecurity insurance policy, which it's expecting to cover the costs of incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any.
What happened with the Logitech attack?
The attack, which took place in September, has been claimed by the Clop extortion gang and is believed to form part of a campaign targeting customers of Oracle’s E-Business Suite (EBS) enterprise resource planning solutions. In the case of Logitech, the group claims more than a terabyte of data was stolen.
Other alleged victims of the campaign include Harvard University, South Africa’s Wits University, American Airlines subsidiary Envoy Air, and the Washington Post.
Recent analysts from Mandiant showed the campaign followed months of intrusion activity targeting EBS customer environments.
The threat actor exploited a zero-day vulnerability - tracked as CVE-2025-61882 - against Oracle EBS customers as early as August 9, with additional suspicious activity dating back to July 10.
On October 2, Oracle reported that the threat actors may have exploited vulnerabilities that were patched in July and recommended that customers apply the latest critical patch updates; on October 4, it directed customers to apply emergency patches.
Victims received emails giving them a 'few days' to pay up, or else see their data sold, published on the group's blog or shared on torrent trackers.
"CL0P-affiliated actors almost certainly perceive these mass exploitation campaigns as successful, given that they've employed this approach since at least late 2020," the Mandiant researchers warned.
"We therefore anticipate that they will continue to dedicate resources to acquiring zero-day exploits for similar applications for at least the near-term."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Logitech says it will now use recycled plastics and 'next life' materials across its entire video conferencing line
- Tired of overbooked meeting rooms? Logitech's new workplace sensor tech aims to streamline office efficiency
- Logitech's MX Master 4 mouse and its 'Action Ring' is a game-changer for modern work
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
