Walmart has confirmed to CyberInsider it launched an internal investigation following claims by the Clop ransomware group that it compromised Sam’s Club, a membership-based retail warehouse chain owned and operated by Walmart Inc.
Sam’s Club warehouse chain serves more than 600 locations across the United States and Puerto Rico, catering to millions of members with bulk goods, groceries, electronics, and pharmacy services. The entity has an annual revenue estimated at $21.3 billion.
Allegations about a data breach surfaced on Clop’s dark web leak site earlier today, with the gang posting company details while accusing Sam’s Club of neglecting customer security.
While no data samples were published on Clop’s site at the time of writing, the post suggests Clop is attempting to pressure the company into negotiations or public acknowledgment.
In a statement provided to CyberInsider regarding those claims, Walmart responded:
“We are aware of reports regarding a potential security incident and are actively investigating the matter. Protecting the privacy and security of our members’ information is a top priority at Sam’s Club. We take these concerns seriously and will communicate further as appropriate.”
Clop’s allegation raises concerns that this incident may be part of the broader Cleo campaign, a wave of cyberattacks exploiting vulnerabilities in Cleo’s managed file transfer (MFT) software. As previously reported, Clop had used two zero-day vulnerabilities — CVE-2024-50623 and CVE-2024-55956 — to breach multiple organizations, including major supply chain management software provider Blue Yonder. However, Walmart has not confirmed to CyberInsider whether it uses Cleo’s MFT solutions, leaving any connection to that campaign speculative at this stage.
A breach affecting Sam’s Club could expose sensitive information tied to a massive customer base, with significant implications for consumer privacy and trust, especially given Clop’s history of exfiltrating large volumes of sensitive data and leveraging it for extortion. Clop’s previous campaigns, including the MOVEit and GoAnywhere MFT attacks, have targeted file transfer services as an entry point into corporate networks, leading to widespread downstream exposure.
However, no data breach has been confirmed in this case, and Walmart told CyberInsider that it sees no evidence of compromise on its systems as of yet.
Leave a Reply