Logitech confirms data breach by hackers, says no sensitive info exposed; Is Clop extortion gang behind the attack?

Hardware accessory giant Logitech has confirmed a data breach by the hackers, but maintains that no sensitive or customer-related information was compromised. According to the firm, despite the hackers’ assertions, none of the compromised files contained sensitive or customer-related information.
'
According to PCMAG, Logitech disclosed the breach after the Russia-linked ransomware group “CL0P” claimed earlier this month that it had stolen company data: “The company doesn't care about its customers, it ignored their security!!!” It is the same group which was behind the Oracle E-Business Suite data theft incidents in July.

Logitech filed a Form 8-K with the US Securities and Exchange Commission on November 8, confirming that data was stolen in a breach.

"Logitech recently experienced a cybersecurity incident relating to the exfiltration of data. The cybersecurity incident has not impacted Logitech's products, business operations or manufacturing... Upon detecting the incident, Logitech promptly took steps to investigate and respond to the incident with the assistance of leading external cybersecurity firms... Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system," the firm said in a filing.

According to Bleeping Computer, Logitech says the stolen data likely contains limited information about employees, consumers, customers, and suppliers, but stresses that no sensitive details - such as national ID numbers or credit card data - were exposed, as this information wasn’t stored on the affected systems. The company reports that the breach stemmed from a zero-day vulnerability in a third-party platform, which was patched as soon as a fix became available.

The clarification follows the Clop extortion gang’s decision to add Logitech to its data-leak site last week, releasing nearly 1.8TB of files allegedly taken from the company. Although Logitech has not identified the vendor involved, the incident is believed to be linked to an Oracle zero-day flaw that Clop exploited in a series of data-theft attacks in July, reported Bleeping Computer.