Hertz has announced a data breach that may affect customer information due to vulnerabilities in Cleo file-transfer software. Discovered on February 10, 2025, the breach involved malicious actors exploiting zero-day vulnerabilities. The breach investigation revealed that sensitive customer data, including names, dates of birth, contact information, credit card details, driver's licenses, and workers' compensation claim data, may have been compromised. Thomas Richards from Black Duck emphasizes the need for organizations to manage software risks and strengthen cybersecurity to protect sensitive information from such attacks.
Thomas Richards, Infrastructure Security Practice Director at Black Duck, remarks, "It's incredibly unfortunate that customers had their sensitive information compromised in such an attack. Data is a form of currency for cybercriminals, and therefore it is essential that all organizations harboring sensitive information manage their software risk by taking measures to improve their cybersecurity posture to prevent a compromise like this from happening again."
According to a filing with the Maine Attorney General's office, the breach is connected to Cleo file-transfer software vulnerabilities.
The organization learned of the breach on February 10, 2025, determining that data was accessed by malicious actors.
The investigation found that the following personal information may have been compromised: names, dates of birth, contact information, credit card details, driver's licenses, workers' compensation claim data.
Collection
[
|
...
]