Hertz Confirms Data Breach After Cleo Zero-Day Attack by Clop Ransomware Gang

Apr 15, 2025 | News





Customers of Hertz, Thrifty, and Dollar Affected by File Transfer Platform Attack

Car rental giant Hertz Corporation has confirmed a data breach after attackers exploited zero-day vulnerabilities in the Cleo managed file transfer platform, resulting in the theft of sensitive customer information for users of its Hertz, Thrifty, and Dollar rental brands.

The breach, attributed to the Clop ransomware gang, was part of a larger mass exploitation campaign that affected dozens of companies in late 2024.


Incident Timeline and Affected Systems

According to a breach notification issued by Hertz:

“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”

The exploited vulnerabilities targeted Cleo Harmony, VLTrader, and LexiCom — secure file transfer products used by large enterprises to handle sensitive information.


What Data Was Stolen?

Hertz says the type of stolen data varies by individual, but may include:

  • Full names

  • Contact details

  • Dates of birth

  • Credit card information

  • Driver’s license numbers

  • Workers’ compensation claim data

A “very small number” of victims may also have had:

  • Social Security numbers

  • Government-issued ID numbers

  • Passport info

  • Medicare/Medicaid IDs

  • Injury-related data tied to accident claims


Who Is Impacted?

Hertz has not disclosed the total number of affected individuals nationwide, but breach filings with the Maine Attorney General indicate at least 3,409 people in that state alone are being notified. Additional notices were sent to residents of California and Vermont.


Clop Claims Responsibility

The Clop ransomware gang (aka TA505) has listed Hertz on its extortion leak site, publicly releasing stolen data and demanding ransom.

Clop has previously exploited secure file transfer tools in high-profile attacks against platforms like:

  • MOVEit Transfer

  • GoAnywhere MFT

  • SolarWinds Serv-U

  • Accellion FTA

Their strategy: data theft over encryption, extorting victims by threatening to leak stolen data.

Hertz data leaked on Clop data leak site
Source: BleepingComputer




Free Identity Monitoring and Advice for Customers

Hertz says it has not seen evidence of fraud using the stolen information but is offering two years of free identity monitoring to affected individuals.

They advise impacted customers to:

  • Watch for suspicious account activity

  • Freeze or monitor credit reports

  • Be cautious of phishing emails referencing Hertz


Wider Fallout from Cleo Exploit

Hertz is just one of 66 companies Clop claims to have breached via the Cleo zero-day. Other affected organizations include:

  • Western Alliance Bank

  • WK Kellogg Co

  • Sam’s Club

Cleo has not publicly detailed how the vulnerabilities were exploited, but security experts have flagged the flaws as part of an increasing trend of supply chain and third-party platform risks.


Source: bleepingcomputer.com
