Summary: Hertz Corporation disclosed a data breach affecting its brands due to vulnerabilities in Cleo’s file transfer software, which were exploited by threat actors. Over 3,400 Maine residents were specifically impacted, and sensitive customer data may have been compromised. The Clop ransomware group claimed responsibility, threatening to publish the stolen data if ransom demands were not met.
Affected: Hertz Corporation and its brands (Hertz, Thrifty, Dollar)
Keypoints :
- Unauthorized access to customer data was linked to Cleo zero-day exploits disclosed in late 2024.
- A total of 3,409 Maine residents were affected, with notifications sent to California and Vermont.
- Hertz confirmed the breach involved personal information such as names, contacts, DOB, and credit card details.
- The Clop ransomware group threatened to release stolen data due to non-negotiation on ransom demands.
- Cleo has addressed the issue and offers two years of free identity monitoring for affected individuals.