Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. "On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024," reads the Hertz data breach notification. "A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers' compensation claims), or injury-related information associated with vehicle accident claims impacted by the event," warned Hertz. While Hertz says it has not detected "any misuse of personal information for fraudulent purposes," the Clop ransomware gang previously leaked the company's data on their extortion site. However, since 2020, the ransomware gang has focused more on data theft attacks, targeting previously unknown zero-day vulnerabilities in secure file transfer platforms to steal data. Previous Clop data theft attacks also targeted MOVEit Transfer, GoAnywhere MFT, SolarWinds Serv-U, and Accelion FTA secure file transfer platforms. The company says that the data varies per individual but could contain customers' names, contact information, date of birth, credit card information, driver's license information, and information related to workers' compensation claims. Other companies who confirmed or said they were investigating data breaches from the Cleo data theft attacks include Western Alliance Bank, WK Kellogg Co, and Sam's Club. In October 2024, Clop mass-exploited a zero-day vulnerability in Cleo managed file transfer platforms: Cleo Harmony, VLTrader, and LexiCom. Clop later claimed responsibility for the attacks, stating they stole the data for 66 companies. While Hertz has not shared how many customers were impacted by the incident, Maine's Attorney General's Office reports that 3,409 people in the state are receiving notifications. In addition, Hertz says a small number may have had their Social Security numbers or government identification stolen.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 14 Apr 2025 23:20:13 +0000