Hertz Disclosed Data Breach Following 2024 Cleo Zero-Day Attack
In a recent disclosure, Hertz Corporation, the leading car rental giant, revealed that it had suffered a data breach following a zero-day attack on its system in late 2024. The breach, which affected multiple brands under the Hertz umbrella, including Thrifty and Dollar, exposed sensitive customer information to unauthorized parties.
Cleo, a vendor whose file transfer platform Hertz used for limited purposes, was targeted by threat actors who exploited zero-day vulnerabilities in Cleo's platform in October 2024 and December 2024. According to the company's data breach notification published on February 10, 2025, Hertz immediately began analyzing the data to determine the scope of the event and identify individuals whose personal information may have been impacted.
The impact of the breach was significant, with 3,409 Maine residents affected by the incident. Notifications were also sent to California and Vermont, although the number of affected individuals in these states has not been publicly disclosed. In January 2025, the Clop ransomware group added 59 new companies to its leak site, claiming to have breached them using a vulnerability in Cleo file transfer products.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-50623 to its Known Exploited Vulnerabilities catalog. The vulnerability has a CVSS score of 8.8 and impacts multiple Cleo products: LexiCom, Harmony, and VLTrader, each before version 5.8.0.21. Reports of active exploitation targeting Cleo file transfer software began circulating in the cybersecurity community on December 9, 2024.
Security firm Huntress publicly disclosed ongoing exploitation involving three different Cleo products. The experts warned that even fully patched systems running 5.8.0.21 were still exploitable. The Clop ransomware group threatened to publish stolen data on January 18, 2025, after claiming contact with the breached organizations and ignoring ransom negotiations.
Hertz initially denied any involvement in the breach, stating that there was "no evidence" of its systems being impacted at that time. However, the company subsequently confirmed that the breach had exposed customer data, including names, contact information, dates of birth, credit card information, driver's license details, and information related to workers' compensation claims. A small number of people may have had their Social Security numbers, government IDs, passport information, medical IDs, or injury-related claim data exposed in the breach.
Hertz has taken steps to address the breach, including notifying law enforcement and regulators and offering two years of free Kroll identity monitoring to affected individuals. The company advises those impacted to stay vigilant, monitor their accounts and credit reports, and report any suspicious activity. While Hertz has detected no misuse of the exposed data, the incident serves as a reminder of the importance of vigilance in protecting sensitive information.
Stay Safe Online
The recent Hertz data breach highlights the ever-present threat of zero-day attacks and the importance of cybersecurity awareness. It is crucial for individuals and organizations alike to stay informed about potential vulnerabilities and take proactive measures to protect themselves from cyber threats. By staying vigilant and taking necessary precautions, we can minimize the risk of falling victim to these types of incidents.