Automotive
Who:
• Hertz (car rental company)
• Cleo Communications (file transfer vendor)
• Possible link to Clop ransomware gang (Russia-affiliated)
What:
A cyberattack exploiting zero-day vulnerabilities in Cleo’s platform led to unauthorized access to Hertz customer data between October–December 2024.
Exposed data includes:
• Names, contact details, and dates of birth
• Credit card and driver’s license information
• Some Social Security and passport numbers
• Workers' compensation claim data
Impact:
• Global exposure: Breach notices issued in the U.S., Canada, EU, UK, and Australia
• Unknown scope: Number of affected customers not yet confirmed
• No current evidence of fraudulent use, but sensitive data is at risk
• Cleo vulnerabilities have been patched, and authorities have been notified
Action Needed:
• Monitor for fraud and identity theft
• Review vendor security practices
• Implement stronger third-party risk management policies
Read the full article HERE