Cree Lighting

Cree Lighting, headquartered in the United States, experienced a cybersecurity incident on June 1, 2023. The attack exploited a vulnerability in the MOVEit file transfer software, which is used for secure data transfers. This incident was attributed to the CL0P cyber gang and resulted in a data breach. Approximately 609 individuals had their personal information compromised. The exposed data included names, addresses, dates of birth, and Social Security numbers. Such information is considered highly sensitive and can be used for identity theft. The breach occurred as part of a broader global campaign targeting MOVEit vulnerabilities. Cree Lighting was among the organizations affected by this widespread exploitation. The incident emphasized the risks associated with third-party software vulnerabilities. The specific number of affected individuals indicates a focused data theft operation.

In response to the breach, Cree Lighting engaged independent cybersecurity experts to contain the incident and evaluate the impact. The company secured its systems by addressing the MOVEit vulnerability and strengthening access controls. Law enforcement authorities were notified and are involved in the investigation. Affected individuals are being offered complimentary credit monitoring services for 24 months. This service is designed to help detect any misuse of personal data and provide assistance. The company's actions follow standard procedures for data breach response. The extended credit monitoring period addresses the long-term risks from the exposed sensitive information. Cree Lighting continues to cooperate with authorities as part of the ongoing investigation into the CL0P gang's activities.