Original Article Text

Hertz confirms customer info and drivers' licenses stolen in data breach

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.

"On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024," reads the Hertz data breach notification. "Hertz immediately began analyzing the data to determine the scope of the event and to identify individuals whose personal information may have been impacted."

The company says that the data varies per individual but could contain customers' names, contact information, date of birth, credit card information, driver's license information, and information related to workers' compensation claims. In addition, Hertz says a small number of individuals may have had their Social Security numbers or government identification stolen.

"A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers' compensation claims), or injury-related information associated with vehicle accident claims impacted by the event," warned Hertz.

While Hertz has not shared how many customers were impacted by the incident, Maine's Attorney General's Office reports that 3,409 people in the state are receiving notifications. The notifications were also shared with California and Vermont, which do not report the number of impacted people in the state.

Hertz is now offering customers two years of free identity monitoring services and advising those impacted to be on the lookout for potential fraud. While Hertz says it has not detected "any misuse of personal information for fraudulent purposes," the Clop ransomware gang previously leaked the company's data on their extortion site.

In October 2024, Clop mass-exploited a zero-day vulnerability in Cleo managed file transfer platforms: Cleo Harmony, VLTrader, and LexiCom. Clop later claimed responsibility for the attacks, stating they stole the data for 66 companies. Other companies that confirmed or said they were investigating data breaches from the Cleo data theft attacks include Western Alliance Bank, WK Kellogg Co, and Sam's Club.

The Clop ransomware gang, aka TA505 and Cl0p, launched in March 2019, when it first began targeting companies with ransomware. However, since 2020, the ransomware gang has focused more on data theft attacks, targeting previously unknown zero-day vulnerabilities in secure file transfer platforms to steal data. This stolen data is then used to extort companies for millions of dollars to prevent the files from leaking.

Previous Clop data theft attacks also targeted MOVEit Transfer, GoAnywhere MFT, SolarWinds Serv-U, and Accellion FTA secure file transfer platforms.

Daily Brief Summary

DATA BREACH // Hertz Data Breach Exposes Customer and Driver Information

Hertz Corporation reported a significant data breach affecting its Hertz, Thrifty, and Dollar brands due to Cleo zero-day data theft attacks.

Unauthorized access occurred in October and December 2024, exploiting zero-day vulnerabilities in Cleo's file transfer platforms.

Stolen data may include names, contact details, dates of birth, credit card and driver's license details, and, in some cases, Social Security or other government ID numbers.

Over 3,400 individuals in Maine have been notified, with additional notifications in California and Vermont.

Hertz is offering two years of free identity monitoring services and advises vigilance against potential fraud.

The Clop ransomware gang, responsible for the breach, previously leaked Hertz's data on their extortion site.

Clop has shifted focus since 2020 from ransomware to data theft using zero-day vulnerabilities in secure file transfer platforms.

Other companies such as Western Alliance Bank, WK Kellogg Co, and Sam's Club are also investigating potential breaches linked to the same attacks.