Cl0p Claims 200 New Victims from Cleo Campaign — Threatens Mass Data Release

Sunday, March 29, 2026 at 11:00 AM UTC·Source: BleepingComputer / Cl0p Leak Site

Updated: Monday, March 30, 2026 at 09:00 AM UTC

Executive Summary

Cl0p adds 200 organizations to its leak site from the Cleo file transfer campaign. Threatens mass data release starting April 1 if ransoms unpaid.

Analysis

Cl0p has listed 200 organizations on its leak site as victims of the Cleo Harmony/VLTrader exploitation campaign and set an April 1 deadline for mass data release. Victims span financial services, healthcare, retail, and government sectors across 25 countries. Several victims have confirmed data exfiltration. The scale of this campaign approaches Cl0p's 2023 MOVEit operation which affected over 2,500 organizations.

Source Attribution

Originally published by BleepingComputer / Cl0p Leak Site on Mar 29, 2026. Verified by: BleepingComputer, CISA.

Related Threats

HIGHData Breach

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital

In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information. The post 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital appeared first on SecurityWeek .

17h agoSecurityWeek

HIGHData Breach

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek .

18h agoSecurityWeek

LOWData Breach

Attack Surface Management – ein Kaufratgeber

Mit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen. Sergey Zaykov | shutterstock.com Regelmäßige Netzwerk-Scans reichen für eine gehärtete Angriffsfläche nicht mehr aus. Um die Sicherheit von Unternehmensressourcen und Kundendaten zu gewährleisten, ist eine kontinuierliche Überwachung auf neue Ressourcen und Konfigurationsabweichu

2d agoCSO Online