Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack


Hertz Corporation has confirmed a data breach that exposed sensitive customer data after attackers exploited a zero-day vulnerability in file transfer software provided by Cleo Communications.

The breach affected the Hertz, Thrifty and Dollar brands and occurred in October and December 2024. It was disclosed on February 10, 2025.

The exposed data includes:

  • Names
  • Contact information
  • Dates of birth
  • Credit card details
  • Driver’s license numbers
  • Workers’ compensation claim data

In a smaller number of cases, even more sensitive details were accessed – such as Social Security numbers, government-issued IDs, passport information and injury-related records tied to car accidents.

The Clop ransomware group, which has targeted dozens of companies in similar attacks, claimed responsibility.

Hertz said the Cleo platform was used only for “limited purposes” but acknowledged that attackers were able to access a range of customer data during the incident.

Cleo has since patched the exploited vulnerabilities.

Breach Notification Issued

Hertz has not disclosed how many people were affected, though Maine’s Attorney General reported 3409 residents have received breach notifications. Customers in California and Vermont were also notified.

The company has offered two years of free identity protection through Kroll and is urging affected individuals to monitor their financial accounts, check credit reports and consider freezing their credit files.

Ensar Seker, CISO at SOCRadar, described the breach as “a textbook example of how third-party vulnerabilities can cascade into massive data exposure.”

He warned that “this is prime identity theft material,” noting the range of data involved.

“A driver’s license or Social Security number cannot be ‘reset’ like a password,” Seker said.

“Once they are exposed, victims become vulnerable to synthetic identity fraud, targeted phishing and even fraudulent claims or loans.”

James Neilson, SVP International at OPSWAT, also commented on the breach.

“Hertz’s breach notification highlights the lasting impact zero-day vulnerability attacks can have on companies,” the executive warned.

“Only a coordinated approach that identifies risks and addresses them across the digital supply chain can prevent service disruptions and data breaches.”

Neilson also emphasized the importance of proactive patching and vulnerability assessments, noting that “automated patching tools ease the burden […] and ensure that patches are applied consistently and promptly, helping close security gaps before they can be exploited.”

A Growing Pattern in Ransomware Tactics

This incident is part of a broader trend in cyber-attacks, where threat actors target software supply chains to maximize impact.

Clop has previously exploited vulnerabilities in similar platforms, including MOVEit Transfer and GoAnywhere MFT.

As reliance on third-party software increases, experts agree that organizations must rethink security at every level – from vetting vendors to improving internal resilience.

For consumers, the long-term risks of leaked personal data remain high, with little recourse once permanent identifiers are exposed.
