Car hire giant hertz has disclosed a worldwide data breach affecting the uk And Other Major Markets, After Baccoming Embroiled in a Serious Compromise of Cleo Communications' Suite of Managed File Transfer (MFT) Products By the Clop (Aka Cl0p) Ransomware Gang,
Although Parent Hertz Corporation – which besides the eponymous Rental firm operates the dollar and thrifty brands – was earlier named by clop on its leak site, the Organization Had Previous no evidence of an intrusion,
In Its Latest Notice, It Did Not Name Clop or officially disclose an extraction or ransomware attack, but revealed that it appeared
A spokesperson said: “on 10 February 2025, we confirmed that hertz data was acquired by an unauthorized Thirds party October 2024 and December 2024. Hertz immediatily began analysing the data to determine the scope of the event and to identify individuals with personal information may have been impacted.
“We complete this data analysis on 2 April 2025, and concluded that the personal information involved in this event may include the folding regard License information and payment card information. “
Hertz has reported the incident to law enforcement and is in the process of engaging relevant national regulators. It is also working with kroll to provide two years of free identity monitoring services to potentially affected individuals. This offer is also being made available to affected customers in the US – Where other data including social security numbers, as well as medicine and medicine identification, have also been also affected.
Customers in Australia, CanadaThe European Union (EU) and New zealand can also consult notices for further guidance.
Us-based cleo has become the latest in a long line of file transfer services and tools to have been targeted by clop – Probably the most notable of these eating the compromise of Progress software's moveit tool in the spring of 2023.
Its Cleo Attacks Arose Through Two Common Vulnerabilites and Exposures (Cves) Tracked As Cve-2024-50623 and Cve-2024-55956 in its harmony, vltrader and lexicom products.
The first of these aries through improper handling of file uploads in the autorun directory, which enables an attacker to upload malicious files to a server and exclusive them. The second enables remote code execution (RCE) through Autorun by enabling an unauthonicated user to import and execute Arbitrary Baash or PowerShell Commands on the Host Using Defaul Settings. It also lets an attacker deploy modular Java Backdoors to Steal Data and Conduct Lateral Movement.
Dray Agha, Senior Manager of Security Operations at HuntressWhich has been at the forefront of Tracking the cleo incident Since the Vulnerabilites First Surfaced, said: “The hertz data breach underscores the significant risks posed by unpatched zero-day vulnerabilities in widely used Third-Platforms Platforms Cleo. Highlights the importance of MainTaining Robust Vulnerability Management Programmes to Identify and Address Security Gaps in Software Promptly, Especially Thus for SENSITIVE DATA Transfer.
“The Breach also reflects a growing trend of cyber criminals targeting secure file transfer platforms, which are integral to many organisations' operations. Shift focus from encryption to data theft and extraction, signal the need for comprehensive cyber security strategies, including encryption of sensitive data at rest and in transit, and infected Monitoring of external connections. “