Mobile, Security

Hertz Data Breach Exposes Customer Details and Driver’s Licenses

tuffbrownboy


Hertz data leaked on Clop data leak site
Red Report 2025

Overview of the Hertz Security Incident

Hertz Corporation, a leader in car rentals, has confirmed a significant data breach impacting its Hertz, Thrifty, and Dollar brands. This breach resulted from the sophisticated Cleo zero-day attacks, compromising a vast array of customer information.

Details of the Breach

On February 10, 2025, Hertz disclosed that unauthorized access to their data occurred due to vulnerabilities on Cleo’s platform between October and December 2024. The stolen data potentially includes:

  • Names and contact details
  • Date of birth and credit card information
  • Driver’s license details
  • Social Security numbers and other government ID numbers for a limited number of people
  • Medicare, Medicaid ID, and other information linked to workers’ compensation claims
  • Details concerning vehicle accident claims

Response and Measures Taken by Hertz

In response to the breach, Hertz has initiated two years of complimentary identity monitoring services for affected customers. They are vigilantly monitoring for misuses of the stolen information, although no direct fraud has been detected thus far. Despite this assurance, they caution all impacted individuals to stay alert for potential fraudulent activities.

Scope of Impact

While exact numbers are unclear, notifications of the breach have been sent to 3,409 individuals in Maine, with similar alerts in California and Vermont. Hertz continues its investigation to ascertain the full extent of the breach.

The Culprits Behind the Attack

The notorious Clop ransomware gang has taken responsibility, targeting Cleo’s managed file transfer platforms like Cleo Harmony, VLTrader, and LexiCom during their campaign. This incident is a part of their shift in focus from direct ransomware attacks to significant data theft for extortion purposes, a strategy they have employed against several prominent platforms since 2019.

Broader Impact of the Cleo Vulnerabilities

Apart from Hertz, other notable organizations like Western Alliance Bank, WK Kellogg Co, and Sam’s Club have also reported potential breaches linked to the same vulnerabilities exploited in the Cleo platforms.

In light of the ongoing threats and vulnerabilities, companies are urged to enhance their cybersecurity measures and stay vigilant against such sophisticated cyber-attacks that seek to exploit zero-day vulnerabilities for malicious gains.

Related: Conduent Cyberattack: Client Data Breached in January 2025 Incident

Last Updated: April 14, 2025

Post Views: 18

Related Posts