Logitech confirmed a data breach linked to the Clop extortion gang, which recently leaked nearly 1.8 TB of data from the company. The breach stems from a third-party zero-day vulnerability, likely involving Oracle’s E-Business Suite, which was exploited in a series of attacks in July. Logitech stated that while the stolen data includes some information about employees, consumers, and business partners, it does not believe that sensitive data like national ID numbers or credit card information was compromised. In a filing with the U.S. Securities and Exchange Commission, Logitech disclosed that it has taken swift action to investigate the incident with help from external cybersecurity firms. The breach was identified and addressed quickly, with the vulnerability being patched as soon as a fix was available. The Clop gang has a history of exploiting similar vulnerabilities, having targeted various organizations over the years, including a notable attack that affected 2,773 entities in 2023. Other victims of the recent Oracle E-Business Suite attacks include notable institutions like Harvard and The Washington Post. The implications of this breach extend beyond Logitech, highlighting the ongoing threat posed by the Clop gang and similar cybercriminals. Their pattern of exploiting zero-day vulnerabilities poses a persistent risk to many businesses, emphasizing the need for robust cybersecurity measures across the board.