WK Kellogg Co., the Michigan-based food manufacturing giant, has notified Maine regulators of a December 2024 cybersecurity incident that exposed personally identifiable information (PII), including Social Security numbers.
The breach, filed under Maine’s stringent data breach notification laws (Title 10, Chapter 210-B), marks the company’s first publicly reported security incident in over a year.
Breach Timeline and Scope
The breach occurred on December 7, 2024, but was not discovered until February 27, 2025, according to a submission by outside counsel Baker & Hostetler LLP.
While only one Maine resident was confirmed to be impacted, the total number of affected individuals nationwide remains unspecified.
Compromised data included:
- Full names
- Social Security numbers
- Additional identifiers linked to financial or medical information.
Response and Remediation
WK Kellogg initiated written notifications to affected parties by April 4, 2025, alongside a year of complimentary credit monitoring and identity theft protection through Kroll, a global risk mitigation firm.
The services include:
- Real-time credit report surveillance
- Dark web monitoring
- Identity restoration support.
Regulatory Context
Maine’s breach law mandates disclosure even if a single resident is affected, requiring entities to report within 30 days of discovery.
WK Kellogg’s filing met this deadline, submitting documentation (including a redacted notice sample: WK_ME_App_&_Sample.pdf) to the Maine Attorney General’s office.
Broader Implications
While the root cause remains undisclosed, cybersecurity experts emphasize that such incidents often stem from phishing attacks or unpatched software vulnerabilities.
For manufacturers like WK Kellogg—which split from Kellanova in 2023—data governance complexities post-restructuring may heighten exposure risks.
In a statement, the company reiterated its “commitment to safeguarding consumer data” and encouraged impacted individuals to enroll in Kroll’s services.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
%20(1)%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The breach, filed under Maine’s stringent data breach notification laws, marks the company’s first publicly reported security incident in over a year.){kind=link}