Hertz Data Breach Exposes Sensitive Customer Information via Cleo Platform Zero-Day Exploits
- Rescana

Hertz Data Breach Incident Report
Incident Date: The breach was confirmed by Hertz on February 10, 2025, following data acquisition by unauthorized parties exploiting zero-day vulnerabilities in Cleo's platform during October and December 2024. The report was published on April 14, 2025, as confirmed by BleepingComputer [https://www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-drivers-licenses-stolen-in-data-breach/].
Summary of Incident: Hertz Corporation, including its Dollar and Thrifty brands, experienced a data breach due to an attack by the Clop ransomware gang. The attackers exploited zero-day vulnerabilities in Cleo's file transfer products, affecting multiple organizations.
Data Compromised:
- Customer names, contact information, dates of birth, credit card information, and driver's license information.
- Some customers' data also included Social Security Numbers, government identification numbers, passport information, and information related to workers' compensation claims.
- Hertz provided specific details in their notification, which is corroborated by both Packet Storm [https://packetstorm.news/news/view/37486] and Malware News [https://malware.news/t/hertz-data-breach-caused-by-cl0p-ransomware-attack-on-vendor/93219].
Impacts and Responses:
- The Clop group leaked stolen data on their extortion site, which was used to pressure Hertz and other affected companies.
- Hertz offered two years of identity monitoring services through Kroll to affected customers.
- The company reported the incident to law enforcement and relevant regulators, emphasizing no evidence of data misuse for fraudulent purposes at the time of reporting.
Technical Analysis:
- The breach was facilitated through exploitation of vulnerabilities in Cleo's managed file transfer products, namely Cleo Harmony, VLTrader, and LexiCom.
- Clop's pattern involves exploiting zero-day vulnerabilities in secure file transfer platforms to steal data, transitioning from ransomware to data theft and extortion.
Sector-Specific Implications:
- The incident highlights vulnerabilities within business-to-business tech platforms used for data transfers, emphasizing the need for robust security measures and timely patching.
- It underscores the significance of data protection in the car rental industry, particularly concerning sensitive customer information and regulatory compliance.
References:
- BleepingComputer: [https://www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-drivers-licenses-stolen-in-data-breach/]
- Packet Storm: [https://packetstorm.news/news/view/37486]
- Malware News: [https://malware.news/t/hertz-data-breach-caused-by-cl0p-ransomware-attack-on-vendor/93219]
This report consolidates verified information from multiple sources, maintaining a focus on evidence-backed findings and timeline accuracy.