Hertz has disclosed a data breach resulting from vulnerabilities in Cleo Communications' managed file transfer products, attributed to the Clop ransomware gang. Despite prior assertions that no intrusion had occurred, the breach, confirmed on 10 February 2025, may have compromised sensitive personal details of individuals, including names and payment information. Hertz is cooperating with law enforcement and regulators while offering two years of free identity monitoring for affected customers in multiple countries. The breach exemplifies ongoing challenges in cybersecurity for global companies.
On 10 February 2025, we confirmed that Hertz data was acquired by an unauthorised third party that we understand exploited zero-day vulnerabilities within Cleo's platform.
Although parent Hertz Corporation was earlier named by Clop on its leak site, the organisation had previously said there was no evidence of an intrusion.
Collection
[
|
...
]