In a recent disclosure, Hertz Corporation has informed customers of its Hertz, Thrifty, and Dollar brands about a significant data breach resulting from vulnerabilities in Cleo Communications’ file transfer platform. This incident underscores the critical importance of robust cybersecurity measures in protecting sensitive customer information.
Background of the Breach
The breach traces back to two zero-day vulnerabilities identified in Cleo’s file transfer platform, specifically CVE-2024-50623 and CVE-2024-55956. These vulnerabilities were exploited by the Cl0p ransomware group during incidents in October and December 2024. The exploitation led to unauthorized access and exfiltration of data from numerous organizations utilizing Cleo’s services.
Details of the Compromised Data
Hertz’s comprehensive analysis, concluded in early April 2025, revealed that the compromised data includes:
– Names and contact details
– Dates of birth
– Driver’s license numbers
– Workers’ compensation claim details
– Credit card information
For a subset of individuals, additional sensitive information may have been exposed, such as:
– Social Security numbers
– Government identification numbers
– Passport information
– Medicare or Medicaid IDs
– Injury-related information from accident claims
Hertz’s Response and Mitigation Efforts
Upon discovering the breach, Hertz took immediate steps to assess the impact and secure its systems. The company has emphasized that its internal network remained unaffected by this incident. To support affected customers, Hertz is offering two years of complimentary identity monitoring and dark web monitoring services. Customers are encouraged to remain vigilant by reviewing account statements and monitoring credit reports for any unauthorized activity.
Industry-Wide Implications
The Cleo platform vulnerabilities have had a broad impact, with the Cl0p ransomware group claiming to have compromised 59 companies through these exploits. While some organizations, such as Covestro, have confirmed unauthorized access, others, including Hertz, initially disputed claims of compromise. This situation highlights the challenges companies face in verifying and responding to cyber threats in a timely manner.
Historical Context and Ongoing Challenges
This is not the first time Hertz has faced data security issues. In September 2024, the company experienced a breach that exposed over 60,000 insurance claim reports, raising concerns about its data protection practices. Additionally, in 2016, Hertz France was fined 40,000 euros after personal information from nearly 36,000 customers was found to be easily accessible online due to a contractor’s error.
These incidents underscore the ongoing challenges in safeguarding customer data and the necessity for continuous improvement in cybersecurity measures. The automotive and rental industries, in particular, must remain vigilant against evolving cyber threats to maintain customer trust and comply with regulatory requirements.
Recommendations for Customers
Customers affected by the breach should take proactive steps to protect their personal information:
1. Monitor Financial Accounts: Regularly review bank and credit card statements for any unauthorized transactions.
2. Check Credit Reports: Obtain free credit reports to identify any unusual activity or accounts opened without consent.
3. Utilize Identity Monitoring Services: Take advantage of the complimentary identity monitoring services provided by Hertz to detect potential misuse of personal information.
4. Be Cautious of Phishing Attempts: Remain alert to suspicious emails or communications that may attempt to exploit the breach for further fraudulent activities.
Conclusion
The recent data breach involving Hertz and the Cleo platform vulnerabilities serves as a stark reminder of the importance of robust cybersecurity practices. Organizations must prioritize the protection of customer data through continuous monitoring, timely patching of vulnerabilities, and comprehensive incident response strategies. Customers, in turn, should stay informed and proactive in safeguarding their personal information against potential misuse.
