Hertz Discloses Data Breach Linked to Cleo Hack

Car rental giant Hertz Corporation is notifying customers of the Hertz, Thrifty, and Dollar brands that their personal information was stolen as a result of the Cleo hack last year.

Two zero-day vulnerabilities in Cleo’s file transfer platform, tracked as CVE-2024-50623 and CVE-2024-55956, were exploited by the notorious Cl0p ransomware group in October and December 2024 to exfiltrate data from dozens of organizations.

Over the past several months, Cl0p added hundreds of organizations to its Tor-based leak site, most of which were likely affected by the Cleo incident, Comparitech consumer privacy advocate Paul Bischoff told SecurityWeek in March.

Last week, Hertz began notifying thousands of customers that their personal information was stolen from Cleo’s file transfer platform, which it was using “for limited purposes”.

According to the car rental firm, its analysis of the potentially compromised information, which was concluded in early April, determined that names, contact details ...