Automobile rental large Hertz Company warns it suffered a knowledge breach after buyer knowledge for its Hertz, Thrifty, and Greenback manufacturers was stolen within the Cleo zero-day knowledge theft assaults.
“On February 10, 2025, we confirmed that Hertz knowledge was acquired by an unauthorized third get together that we perceive exploited zero-day vulnerabilities inside Cleo’s platform in October 2024 and December 2024,” reads the Hertz knowledge breach notification.
“Hertz instantly started analyzing the info to find out the scope of the occasion and to determine people whose private info could have been impacted.”
The corporate says that the info varies per particular person however might include clients’ names, contact info, date of start, bank card info, driver’s license info, and data associated to employees’ compensation claims.
As well as, Hertz says a small quantity could have had their Social Safety numbers or authorities identification stolen.
“A really small variety of people could have had their Social Safety or different authorities identification numbers, passport info, Medicare or Medicaid ID (related to employees’ compensation claims), or injury-related info related to car accident claims impacted by the occasion,” warned Hertz.
Whereas Hertz has not shared what number of clients have been impacted by the incident, Maine’s Legal professional Basic’s Workplace stories that 3,409 individuals within the state are receiving notifications. The notifications have been additionally shared with California and Vermont, which don’t report the variety of impacted individuals within the state.
Hertz is now providing clients two years of free identification monitoring companies and advising these impacted to be looking out for potential fraud.
Whereas Hertz says it has not detected “any misuse of private info for fraudulent functions,” the Clop ransomware gang beforehand leaked the corporate’s knowledge on their extortion website.
Supply: BleepingComputer
In October 2024, Clop mass-exploited a zero-day vulnerability in Cleo managed file switch platforms: Cleo Concord, VLTrader, and LexiCom.
Clop later claimed accountability for the assaults, stating they stole the info for 66 firms.
Different firms who confirmed or mentioned they have been investigating knowledge breaches from the Cleo knowledge theft assaults embody Western Alliance Financial institution, WK Kellogg Co, and Sam’s Membership.
The Clop ransomware gang, aka TA505 and Cl0p, launched in March 2019, when it first started concentrating on firms with ransomware.
Nevertheless, since 2020, the ransomware gang has centered extra on knowledge theft assaults, concentrating on beforehand unknown zero-day vulnerabilities in safe file switch platforms to steal knowledge.
This stolen knowledge is then used to extort firms for tens of millions of {dollars} to forestall the information from leaking.
Earlier Clop knowledge theft assaults additionally focused MOVEit Switch, GoAnywhere MFT, SolarWinds Serv-U, and Accelion FTA safe file switch platforms.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and defend in opposition to them.
