Automotive

Who:

• Hertz (car rental company)

• Cleo Communications (file transfer vendor)

• Possible link to Clop ransomware gang (Russia-affiliated)

What:

A cyberattack exploiting zero-day vulnerabilities in Cleo’s platform led to unauthorized access to Hertz customer data between October–December 2024.

Exposed data includes:

• Names, contact details, and dates of birth

• Credit card and driver’s license information

• Some Social Security and passport numbers

• Workers' compensation claim data

Impact:

• Global exposure: Breach notices issued in the U.S., Canada, EU, UK, and Australia

• Unknown scope: Number of affected customers not yet confirmed

• No current evidence of fraudulent use, but sensitive data is at risk

• Cleo vulnerabilities have been patched, and authorities have been notified

Action Needed:

• Monitor for fraud and identity theft

• Review vendor security practices

• Implement stronger third-party risk management policies

Read the full article HERE