CyberSecurity news

Source: ross.kelly@futurenet.com (Latest from ITPro)
Hertz Corporation has announced a data breach affecting customers of its Hertz, Thrifty, and Dollar car rental brands. The breach stems from the exploitation of Cleo zero-day vulnerabilities in late 2024. Customer data, including personal information and driver's licenses, was stolen. The company confirmed the breach on February 10, 2025, stating that an unauthorized third party acquired Hertz data by exploiting vulnerabilities within Cleo's platform in October and December 2024.

The stolen data varies depending on the region, but generally includes customer names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. In some instances, Social Security numbers and other government-issued identification numbers were also compromised. Notices about the breach have been posted on Hertz websites for customers in Australia, Canada, the European Union, New Zealand, the United Kingdom, and several U.S. states, including California, Maine, and Texas. Hertz has disclosed that at least 3,400 customers in Maine and some 96,665 customers in Texas were affected.

The company attributed the breach to vulnerabilities in Cleo's software, which was targeted by the Clop ransomware gang in 2024. This breach highlights the significant cybersecurity risks associated with third-party vendors and the potential for mass data theft. It is another example of the widespread consequences that can occur from zero-day exploits in widely used enterprise file transfer products. Those affected have been advised to take precautions to protect their personal and financial information.


References:
  • securityaffairs.com: Hertz disclosed a data breach following 2024 Cleo zero-day attack
  • techcrunch.com: Hertz says customers’ personal data and driver’s licenses stolen in data breach
  • The DefendOps Diaries: Hertz Data Breach: Lessons in Cybersecurity and Vendor Management
  • www.bleepingcomputer.com: Hertz confirms customer info, drivers' licenses stolen in data breach
  • Zack Whittaker: New by me: Car rental giant Hertz has confirmed a data breach affecting customers' personal information, driver's licenses, and payment card data. Customers worldwide are being notified.
  • BleepingComputer: Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.
  • www.itpro.com: Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
  • Malwarebytes: Hertz data breach caused by CL0P ransomware attack on vendor Cleo
  • PCMag UK security: Hackers Stole Credit Card, Driver's License Info in Hertz Data Breach
  • Zack Whittaker: Hertz won't say how many are affected by its breach, but continues to notify U.S. states, giving a little indication of the numbers. Per its filing in Texas today, Hertz said 96,665 Texas residents are affected. Plus 3,400 people in Maine and that's already 100,000+ people in two states alone.
  • www.cybersecuritydive.com: Hertz says personal data breached in connection with Cleo file-transfer flaws
  • ComputerWeekly.com: Hertz warns UK customers of Cleo-linked data breach
  • The Register - Security: Where it Hertz: Customer data driven off in Cleo attacks
  • cyberinsider.com: Hertz Confirms Data Breach Following Clop Ransomware Leaks
  • cyberinsider.com: Analysis of how the Clop ransomware group exploited zero-day vulnerabilities to compromise Hertz's systems
  • Help Net Security: Car rental company Hertz suffers a data breach from exploitation of vulnerabilities in third-party software.
  • hackread.com: Hertz Confirms Data Breach After Hackers Stole Customer PII
Classification:
  • HashTags: #DataBreach #Hertz #CleoSoftware
  • Company: Hertz
  • Target: Hertz Customers
  • Product: Customer Data
  • Feature: Customer Data
  • Malware: Cleo zero-day exploit
  • Type: DataBreach
  • Severity: Major