- Ransomware gang C10p appears to have claimed its latest victim
- Sam’s Club – Walmart wholesale club is investigating the breach
- The breach is most likely part of an earlier exploitation of a Cleo File Transfer vulnerability
Infamous ransomware gang C10p has posted files it claims belong to Walmart-owned membership organization Sam’s Club. The group posted a message on a dark leak site claiming “the company doesn’t care about its customers, it ignored their security!!!”
This is the latest development in an earlier attack from late in 2024, where a vulnerability in Cleo File Transfer led to the compromise of at least two dozen organizations, with C10p claiming responsibility for stealing the information.
Researchers from CyberNews discovered the leaked information, but were told by Sam’s Club that there is currently no evidence of a security incident or intrusion, although the issue is being investigated.
Ransomware resurgence
Sam’s club claims to have over 70 million members, and over 2 million employees, with locations across North and Central America.
Sam’s Club customers can fill medical prescriptions and offer health screenings, which means the breach may have exposed extremely sensitive customer health information. Its suspected hackers intercepted the personal data of around 100,000 employees in the breach, although the scope of the compromise isn’t yet known.
C10P is a notorious ransomware gang, and has been so prolific that it is fuelling a resurgence in ransomware in 2025, claiming responsibility for 385 attacks in the first few weeks of the year.
“The Clop ransomware gang are still making hay while the vulnerable secure file transfer sun continues to shine for them, raking in around half a billion dollars to date – quite a staggering success story,” confirmed Matt Aldridge, Senior Principal Solutions Consultant at OpenText Cybersecurity.
“This continues an increasing trend we are seeing of ransomware gangs focusing on extortion based on data theft rather than purely on denied access to data through the use of encryption.”
The group was formed in 2019, and has since been responsible for one of the biggest cyberattacks of 2023 – a breach that saw the data of over 600 organizations stolen, with more than 40 million customers affected.
