Major Data Breach at Hertz Due to CL0P Ransomware Attack on Vendor
Hertz Corporation faces a significant data breach affecting customer information due to a CL0P ransomware attack exploiting vulnerabilities in Cleo file-sharing products.
TL;DR
The Hertz Corporation recently experienced a data breach due to a CL0P ransomware attack targeting vulnerabilities in Cleo file-sharing products. The breach exposed customer information, including names, contact details, driver’s licenses, and, in rare cases, Social Security Numbers. Hertz is offering affected customers two years of free identity monitoring services.
Hertz Data Breach: CL0P Ransomware Attack on Vendor
The Hertz Corporation, representing Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers whose personal information may have been exposed in a recent data breach. The compromised data includes names, contact information, driver’s licenses, and, in rare instances, Social Security Numbers.
Ransomware Attack Details
The data breach occurred due to a ransomware attack exploiting a vulnerability in Cleo file-sharing products. In 2023, the CL0P ransomware gang executed a series of automated campaigns, targeting hundreds of victims simultaneously using zero-day exploits in file-sharing software like MOVEit Transfer and GoAnywhere MFT.
In 2024, CL0P repeated this method by exploiting a zero-day vulnerability in Cleo, a business-to-business (B2B) tech platform specializing in managed file transfer (MFT) solutions such as Cleo Harmony, VLTrader, and LexiCom.
Hertz Confirms Data Breach
Hertz acknowledged being one of the victims:
“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
This information was already known, as CL0P had posted about the breach on their leak site.
A screenshot of some of CL0P’s list of victims (other victims’ names obscured)
The leak site also hosts the stolen data for download. Malwarebytes Labs could not determine the exact number of affected individuals, but the number of available archives is substantial.
A small portion of the downloads list
Customer Notifications and Data Analysis
After a comprehensive data analysis, Hertz is notifying affected customers. The type of stolen data varies but may include:
- Name
- Contact information
- Driver’s license
- Social Security Number (in rare cases)
“A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.”
While Hertz has not detected any misuse of the stolen information, it is offering affected customers two years of free identity monitoring services through Kroll.
Protecting Yourself After a Data Breach
If you suspect you may have been affected by a data breach, consider the following steps:
- Check the vendor’s advice: Follow specific instructions provided by the vendor.
- Change your password: Use a strong password and consider using a password manager.
- Enable two-factor authentication (2FA): Use a FIDO2-compliant hardware key for enhanced security.
- Watch out for fake vendors: Verify the identity of anyone contacting you regarding the breach.
- Take your time: Be cautious of phishing attempts that create a sense of urgency.
- Consider not storing your card details: Avoid storing card information on websites.
- Set up identity monitoring: Use identity monitoring services to detect illegal trading of your personal information.
Check Your Digital Footprint
Malwarebytes offers a free tool to check your digital footprint. Submit your email address to the free Digital Footprint scan for a report and recommendations.
For more details, visit the full article: source
Conclusion
The data breach at Hertz highlights the ongoing threat of ransomware attacks targeting vulnerabilities in file-sharing platforms. Customers are urged to take proactive measures to protect their personal information and stay vigilant against potential fraud.