Overview
- Logitech says attackers used a previously unknown flaw in a third-party software platform to access internal IT systems, which the company patched after the vendor released a fix.
- The company believes copied data likely included limited information about employees, consumers, and business partners, and says national ID numbers or credit card data were not on the affected system.
- Logitech states products, core operations, and payment systems were not impacted by the incident.
- The Clop extortion group has claimed responsibility, with reports linking the campaign to Oracle E‑Business Suite vulnerabilities and Clop asserting it stole about 1.8 TB of Logitech data.
- Logitech has engaged external cybersecurity firms, begun required notifications to authorities, and expects its cybersecurity insurance to cover investigation and response costs as the probe continues.