Logitech International S.A. has confirmed that it was hit by a data breach, the company said in an SEC filing late last week.
Logitech’s 8-K filing released on Nov. 14 was short on details, but the company was named as a victim by the CL0P ransomware group earlier this month as part of the threat group’s campaign targeting Oracle E-Business Suite vulnerabilities.
Of roughly 45 organizations claimed as victims by CL0P, only five have confirmed an attack to date: The Washington Post, Harvard University, American Airlines’ Envoy Air, and Hitachi’s GlobalLogic.
The CL0P campaign is believed to have targeted Oracle E-Business Suite vulnerability CVE-2025-61884, contrary to initial reports that the Oracle EBS vulnerability targeted was CVE-2025-61882.
Logitech Data Breach Confirmed
Logitech said in its SEC filing that the company “recently experienced a cybersecurity incident relating to the exfiltration of data.”
The computer peripherals and software maker said the incident did not impact its products, business operations or manufacturing. After detecting the incident, Logitech said it investigated and responded to the incident with help from unnamed external cybersecurity firms.
Logitech said the company “believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system. … The data likely included limited information about employees and consumers and data relating to customers and suppliers. Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system.”
Logitech said it patched the third-party vulnerability “following its release by the software platform vendor.”
Logitech Says Cyber Insurance Will Cover Incident
The company said it doesn’t believe the incident will have a “material adverse effect” on its financial condition, in part because it holds “a comprehensive cybersecurity insurance policy, which we expect will, subject to policy limits and deductibles, cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any.”
While only five victims have confirmed they were hit in the Oracle cyberattack campaign, the Cl0p ransomware group has claimed about 45 victims to date from the campaign on its dark web data leak site.
Alleged victims claimed by CL0P have spanned a wide range of industries and organizations, including major electronics companies, energy and utility organizations, technology companies, manufacturers, medical technology companies, healthcare providers, major colleges and universities, insurers, security companies, banks, construction and engineering firms, mining companies and communications companies, among other sectors.
CL0P has tended to cluster victims in campaigns targeting specific zero-day vulnerabilities throughout its six-year-history, including 267 claimed victims in February 2025 that drove ransomware attacks to record highs that month.