Russian hacking group Cl0p claims to have hacked Walmart’s Sam’s Club warehouse network. Despite the company’s denials, the attack potentially exposed millions of users’ financial and medical data.
On March 29, 2025, the Cl0p hack group added Sam’s Club to its “dark” list of victims on the lyk.com website. This is the fifth major target after a massive exploitation of a vulnerability in the Cleo file-sharing software. Despite the lack of direct evidence of the incident, the company has launched an internal investigation.
Cl0p claims that the company “ignores customer security” and that the attackers’ access could have included both personal financial data and medical information – given Sam’s Club’s pharmacy services. The data of more than 100,000 employees may also be at risk.
At the same time, researchers have already noted errors in the Cl0p publication itself, in particular, the incorrectly specified website address. This does not reduce the seriousness of the situation – such attacks indicate the continuation of hybrid cyberwarfare. Cl0p became famous after the attacks on MOVEit and Fortra GoAnywhere – the largest data leaks of 2023, which affected more than 2,600 companies and 90 million people. The exploitation of Cleo vulnerabilities began in late December, and now Cl0p has already published information about more than 170 companies. Among them are Rackspace, Hertz, Chicago Public Schools and even the manufacturer of Cup Noodles.
Despite the official position of Sam’s Club, the threat is real. Network security is not only the competence of the technical department, but also the responsibility of the business to millions of customers. Cl0p continues to attack large targets with high risk, and businesses must learn to respond quickly, not just deny it.
174 
179 