Sam’s Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach.

The Walmart division operates over 600 warehouse clubs with millions of members across the United States and Puerto Rico and almost 200 additional locations in Mexico and China.

Sam’s Club has over 2.3 million employees and reported a total revenue of $84.3 billion for the fiscal year ending January 31, 2023.

‘We are aware of reports regarding a potential security incident and are actively investigating the matter,’ a Sam’s Club spokesperson told BleepingComputer. ‘Protecting the privacy and security of our members’ information is a top priority at Sam’s Club. We take these concerns seriously and will communicate further as appropriate.’

While the company didn’t provide additional details regarding this ongoing investigation, the Clop ransomware gang added a new Sam’s Club entry to its dark web leak site on Friday.

The cybercrime group has yet to publish any proof of the breach, and so far, the threat actors only said on their leak site that the Arkansas wholesaler ‘doesn’t care about its customers, it ignored their security.’

*Sam’s Club entry on Clop’s site (BleepingComputer)*

Clop’s claims of a Sam’s Club breach come after the ransomware gang also started extorting dozens of victims in January, breached in a massive wave of data theft attacks targeting a [zero-day vulnerability (CVE-2024-50623)](https://www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/) in Cleo secure file transfer software patched in October.

While it’s currently unknown how many companies were breached in the Cleo zero-day attacks, Cleo claims its products are used by over 4,000 organizations worldwide.

Arizona-based Western Alliance Bank, one of many companies added to Clop’s leak site in January, [notified nearly 22,000 customers](https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/) last week that their personal information was stolen in October after exploiting a vulnerability in third-party secure file transfer software.

The Clop ransomware gang was previously linked to other [data theft campaigns](https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-moveit-extortion-attacks/) targeting zero-day flaws in [Accellion FTA](https://www.bleepingcomputer.com/tag/accellion/), [MOVEit Transfer](https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/), and [GoAnywhere MFT](https://www.bleepingcomputer.com/news/security/fortra-shares-findings-on-goanywhere-mft-zero-day-attacks/).

This isn’t the first security incident that impacted Sam’s Club customers in recent years. In October 2020, Sam’s Club [notified some customers](https://www.bleepingcomputer.com/news/security/sams-club-customer-accounts-hacked-in-credential-stuffing-attacks/) that their accounts were compromised in credential stuffing attacks and automatically reset their SamsClub.com passwords.

‘This was not a breach of our systems, but rather a case of these parties obtaining user names and passwords from phishing campaigns, planting malware or breaches at other companies,’ a Sam’s Club spokesperson told BleepingComputer at the time. ‘We have reset passwords for these accounts and are taking additional measures to protect the accounts from fraudulent activity.’
Related Tags:
NAICS: 445 – Food And Beverage Retailers
NAICS: 44 – Retail Trade – Auto, Food, Home
NAICS: 921 – Executive, Legislative, Other General Government Support
NAICS: 52 – Finance And Insurance
NAICS: 92 – Public Administration
NAICS: 522 – Credit Intermediation And Related Activities
Black Basta
Clop
Blog: BleepingComputer