Fluke Corporation today confirmed it notified 18,517 people of an August 2025 data breach that compromised Social Security numbers, dates of birth, and “an indicator of whether you self-identified as having a disability.”
According to a breach disclosure submitted to Maine’s attorney general, hackers exploited a vulnerability in a third-party application used by Fluke. The breach lasted two months from August 10 to October 7, 2025. Fluke discovered the breach on September 29, 2025.
A ransomware group called Clop took credit for the breach. Clop is well-known for exploiting zero-day vulnerabilities in enterprise software such as Oracle’s E-Business Suite and the MOVEit file transfer app.
Fluke has not acknowledged Clop’s claim and Comparitech cannot independently verify it. We do not know if Fluke paid a ransom or how much Clop demanded. Comparitech contacted Fluke for comment and will update this article if it replies.
“On September 29, 2025, we learned that a criminal actor exploited a vulnerability in a third-party application used by us and was able to access a limited segment of our network,” says Fluke’s notice to breach victims.
“We promptly began investigating this incident and discovered that the criminal actor had access to our network from August 10, 2025, until October 7, 2025.”
Fluke is offering breach victims 24 months of free credit monitoring and identity theft insurance through Equifax.
Who is Clop?
Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. It specializes in exploiting zero-day software vulnerabilities, most recently in Oracle’s E-Business Suite and the Cleo file transfer software. Cl0p targets any organization using the vulnerable software. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, it steals data and then demands a ransom to not publish or sell it.
Clop claimed responsibility for 458 ransomware attacks in 2025. Of those, 40 were confirmed by the organizations it targeted. This week, Tulane University also began notifying 4,633 victims of a breach claimed by Clop that exploited the Oracle E-Business Suite software.
In 2026 to date, Clop has taken credit for 122 more attacks.
Ransomware attacks on US manufacturing
Comparitech researchers logged 92 confirmed ransomware attacks on US manufacturers in 2025. Those attacks compromised about 156,000 personal records.
Other such recently confirmed attacks include:
- Extant Aerospace notified 3,012 people of an August 2025 ransomware attack
- Mill Creek Fabrics reported a September 2025 data breach claimed by Akira
- AOTCO Metal Finishing notified at least 271 people of a March 2026 data breach claimed by DragonForce
- New Congoleum reported a March 2026 data breach claimed by DragonForce
- Foxconn reported a May 2026 data breach claimed by Nitrogen
- Accretech America reported a May 2026 data breach claimed by AiLock
Ransomware attacks on manufacturers can lock down computer systems and steal data. In Clop’s case, it’s most likely just the latter. Successful infections can disrupt billing, communications, orders, shipments, and in some cases manufacturing equipment and processes. The attackers demand a ransom to restore infected systems and delete stolen data. If manufacturers refuse to pay up, they face extended downtime, permanent data loss, unauthorized data disclosure, and putting data subjects at increased risk of fraud.
About Fluke Corporation
Headquartered in Everett, WA, Fluke Corporation manufactures industrial testing equipment and software. Fluke is a subsidiary of Fortive Corporation.
