Investigating Alleged Cl0p Ransomware Breach at Sam’s Club
Explore the latest developments in the alleged Cl0p ransomware breach at Sam’s Club, including the retailer's response and the broader implications for cybersecurity.
TL;DR
Sam’s Club, a Walmart-owned membership warehouse chain, is investigating claims of a Cl0p ransomware security breach. The Cl0p ransomware group listed Sam’s Club among its victims, accusing the company of ignoring security measures. Sam’s Club has not found evidence of a breach but is taking the allegations seriously. The incident highlights the ongoing threat of ransomware attacks and the importance of robust cybersecurity measures.
Main Content
Sam’s Club Faces Alleged Cl0p Ransomware Breach
Sam’s Club is a prominent membership warehouse club chain in the United States, owned by Walmart. Founded in 1983 by Walmart’s founder Sam Walton, it was initially named Sam’s Wholesale Club before being renamed Sam’s Club in 1990. The chain operates on a bulk retail model, offering members discounted prices on a wide array of products, including electronics, clothing, food, and household items. In the fiscal year 2024, Sam’s Club reported $86 billion in net sales, reflecting a 2.2% revenue growth compared to the previous year. This accounts for approximately 13% of Walmart’s consolidated net sales[^1].
Recently, the Cl0p ransomware group listed Sam’s Club among the victims of its December Cleo software exploit, alleging that the company ignored security measures. Although the ransomware group did not leak any stolen data as proof, the allegations have prompted an investigation by Sam’s Club[^2].
Walmart owned Sam’s Club has allegedly been breached by Clop Ransomware. pic.twitter.com/my7MrceeEd
— Dominic Alvieri (@AlvieriD) March 28, 2025
Sam’s Club has announced that it is investigating the claims but has not found any evidence of a breach. A company spokesperson stated, “We are aware of reports regarding a potential security incident and are actively investigating the matter. Protecting the privacy and security of our members’ information is a top priority at Sam’s Club. We take these concerns seriously and will communicate further as appropriate”[^3].
The Cl0p ransomware group has been active in exploiting vulnerabilities in file-transfer software. In January, the group added 59 new companies to its leak site, claiming to have breached them by exploiting a vulnerability in Cleo file transfer products. The group’s announcement read, “We have data of many companies who use Cleo. Our teams are reaching and calling your company and provide your special secret chat. If you are not sure if we have your data, emails us here”[^4].
New Clop Ransomware CLEO victim list pic.twitter.com/2Ape3KVuHO
— Dominic Alvieri (@AlvieriD) January 15, 2025
In December 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects multiple Cleo products, including LexiCom, Harmony, and VLTrader. Cleo has advised customers to upgrade to the latest patch to address the vulnerability[^5].
The security firm Huntress publicly disclosed ongoing exploitation involving Cleo products, noting that the patch does not fully mitigate the issue. Huntress researchers warned that fully patched systems running version 5.8.0.21 are still exploitable[^6].
In January, the Clop ransomware group threatened to publish stolen data from organizations that ignored ransom negotiations. Some organizations listed by the group have disputed the claims and denied being compromised[^7].
The Clop group has a history of targeting enterprise file transfer software, including large-scale hacking campaigns exploiting vulnerabilities in MOVEit Transfer and GoAnywhere[^8].
For more insights, follow @securityaffairs on Twitter, Facebook, and Mastodon. You can also connect with Pierluigi Paganini for more updates.
Conclusion
The alleged Cl0p ransomware breach at Sam’s Club highlights the ongoing threat of cyberattacks targeting major retailers. As investigations continue, it is crucial for organizations to prioritize cybersecurity measures to protect sensitive data and maintain customer trust. The incident serves as a reminder of the importance of vigilance and proactive security strategies in the face of evolving cyber threats.