Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
PC peripherals maker Logitech has disclosed a data breach more than a week after the prolific hacking group listed the company as one of more than a dozen victims, including Ansell and The Washington Post.
Swiss multinational Logitech has confirmed it was recently the victim of a cyber attack linked to a string of similar attacks exploiting a vulnerability in Oracle’s E-Business Suite business management platform.
The PC peripheral maker disclosed details of the incident in a Form 8-K filing to the United States Securities and Exchange Commission.
In its 14 November disclosure, Logitech said it had “recently experienced a cyber security incident relating to the exfiltration of data”, before adding that the incident “has not impacted Logitech’s products, business operations or manufacturing”.
“Upon detecting the incident, Logitech promptly took steps to investigate and respond to the incident with the assistance of leading external cyber security firms,” Logitech said.
“While the investigation is ongoing, at this time, Logitech believes that the unauthorised third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system. The zero-day vulnerability was patched by Logitech following its release by the software platform vendor.”
According to the company, the compromised data included limited employee information, alongside data “relating to customers and suppliers”.
“Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system,” the company said.
Logitech said it believes the incident will not impact its bottom line, and that its comprehensive insurance policy should cover any costs incurred.
The disclosure comes days after Logitech was listed as just one of more than a dozen victims of the Clop cyber extortion operation, following widespread exploitation of CVE-2025-61882, a vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” Oracle said in its security advisory, published in early October.
“If successfully exploited, this vulnerability may result in remote code execution.”
Jake Knott, principal security researcher at watchTowr, told Cyber Daily at the time that exploitation of the vulnerability had been ongoing “since at least August 2025” and that Clop had engaged in large-scale data exfiltration, followed by an email-based extortion campaign.
“Based on the evidence, we believe this is Clop activity, and we fully expect to see mass, indiscriminate exploitation from multiple groups within days,” Knott said at the time.
“If you run Oracle EBS, this is your red alert. Patch immediately, hunt aggressively, and tighten your controls – fast.”
Logitech was listed on Clop’s darknet leak site on 7 November, alongside 11 other victims, including the US news organisation, The Washington Post, and the UK’s National Health Service.
Clop has since published the data in a Torrent file, saying, “The company doesn’t care about its customers, it ignored their security!!!”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
