On April 4, 2025, WK Kellogg filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access company information through a third-party data breach at Cleo. In this notice, WK Kellogg explains that the incident resulted in an unauthorized party being able to access employees’ sensitive information, which includes their names and Social Security numbers. While the incident didn’t impact WK Kellogg’s network, WK Kellogg began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from WK Kellogg or Cleo, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the WK Kellogg / Cleo data breach. For more information, please see our recent piece on the topic here.
What Caused the WK Kellogg Data Breach?
The WK Kellogg / Cleo data breach was only recently announced, and more information is expected in the near future. However, WK Kellogg’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, Cleo is a technology vendor that provides a secure file transfer application that is used by many organizations, including WK Kellogg.
On February 27, 2025, WK Kellogg learned that Cleo may have been impacted by a recent data security incident. In response, WK Kellogg reached out to Cleo, and Cleo confirmed that an unauthorized party was able to access certain servers on December 7, 2024. It was later confirmed that some of the affected servers stored files containing confidential WK Kellogg employee information.
After learning that sensitive consumer data was accessible to an unauthorized party, Cleo provided WK Kellogg a list of compromised files, which WK Kellogg reviewed to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.
On April 4, 2025, WK Kellogg sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About WK Kellogg
WK Kellogg Co is a food manufacturing company specializing in ready-to-eat cereals, with a portfolio of brands including Frosted Flakes, Froot Loops, Raisin Bran, and Rice Krispies. Headquartered in Battle Creek, Michigan, the company was established in 2023, following its separation from Kellogg Company, which was rebranded as Kellanova. WK Kellogg Co., which focuses primarily on the North American market, employs approximately 3,280 people and generates annual revenues of approximately $2.71 billion.
