Saturday, April 19, 2025

Hertz Alerts UK Customers to Cleo-Related Data Breach

Hertz has revealed a significant data breach affecting customers in the UK and other major areas. The breach stems from a compromise of Cleo Communications’ managed file transfer products by the Clop ransomware gang.

Hertz Corporation, which runs the Hertz, Dollar, and Thrifty rental brands, initially claimed there were no signs of an intrusion after Clop named it on its leak site. However, in a recent announcement, the company acknowledged that personal information was at risk. A spokesperson stated, “On February 10, 2025, we confirmed that an unauthorized third party accessed Hertz data by exploiting vulnerabilities in Cleo’s platform in October and December 2024.” The company promptly started analyzing the data to assess the situation and identify those affected.

By April 2, 2025, Hertz concluded that compromised data for UK individuals might include names, contact details, birth dates, driver’s license information, and payment card information. Hertz has reported the breach to the police and is talking with national regulators. It is also working with Kroll to offer two years of free identity monitoring to impacted individuals, extending this service to customers in the US, where other sensitive data, including social security numbers, has been compromised.

Those in Australia, Canada, the European Union, and New Zealand can check localized notices for more support. Cleo, based in the US, joins the list of file transfer services targeted by Clop, following the notable attack on Progress Software’s MOVEit tool in spring 2023.

The vulnerabilities that led to the Cleo breach are tracked as CVE-2024-50623 and CVE-2024-55956. The first involves mishandling of file uploads, allowing attackers to upload malicious files to a server. The second allows remote code execution, giving unauthenticated users the ability to run harmful commands on the host and set up backdoors for stealing data.

Dray Agha, senior manager of security operations at Huntress, noted the serious risks posed by these unpatched vulnerabilities in popular systems like Cleo. He emphasized the vital need for strong vulnerability management programs to catch and fix security flaws, especially in tools that handle sensitive information. Agha pointed out the shift in cybercriminal tactics from merely encrypting data to stealing it for extortion, and stressed the necessity for comprehensive cybersecurity measures, including robust data encryption and vigilant monitoring of external connections.