Hertz Confirms Data Breach After Hackers Stole Customer PII

Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s licenses, and credit card details.

Car rental company Hertz has announced that some of its customers’ private details were accessed without permission. This happened because of vulnerabilities in Cleo Communications US, LLC (Cleo), a company that provides software services to Hertz.  

It is worth noting that in December 2024, the Cl0p ransomware group claimed responsibility for exploiting vulnerabilities in Cleo’s managed file transfer software, leading to the theft of large amounts of corporate data. A few days later, the group published the stolen Hertz data archive on its dark web leak site.

In its official press release (PDF), Hertz, which also owns Dollar and Thrifty car rental brands, explained that Cleo runs a system that Hertz uses ...