Overview
- In an SEC Form 8-K and a SIX ad hoc notice, Logitech disclosed that attackers exploited a vendor platform vulnerability to copy data from internal IT systems, and the flaw has been patched.
- Logitech says the exfiltrated information likely involved limited employee, consumer, customer, and supplier records, and it does not believe national ID numbers or credit cards were stored on the impacted system.
- The company reports no effect on products, manufacturing, or broader operations and expects costs to be covered under its cybersecurity insurance policy.
- The Cl0p extortion group has named Logitech on its leak site and claims it stole about 1.8 terabytes of data, with some material published online.
- Security reporting links the incident to Oracle E‑Business Suite CVE-2025-61882, a remotely exploitable vulnerability that researchers say has been used in mass data exfiltration campaigns.