![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
-All-will-be-revealed-00-35-05.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
![What iPhone 17 model are you most excited to see? [Poll]](https://9to5mac.com/wp-content/uploads/sites/6/2025/04/iphone-17-pro-sky-blue.jpg?quality=82&strip=all&w=290&h=145&crop=1)
![Hands-On With 'iPhone 17 Air' Dummy Reveals 'Scary Thin' Design [Video]](https://www.iclarified.com/images/news/97100/97100/97100-640.jpg)
![Mike Rockwell is Overhauling Siri's Leadership Team [Report]](https://www.iclarified.com/images/news/97096/97096/97096-640.jpg)
![Instagram Releases 'Edits' Video Creation App [Download]](https://www.iclarified.com/images/news/97097/97097/97097-640.jpg)
![Inside Netflix's Rebuild of the Amsterdam Apple Store for 'iHostage' [Video]](https://www.iclarified.com/images/news/97095/97095/97095-640.jpg)
Hertz data breach caused by CL0P ransomware attack on vendor
Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo
The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver’s license, and—in rare cases—Social Security Number exposed in a data breach.
The car rental giant’s data was stolen in a ransomware attack leveraging a vulnerability in Cleo file sharing products.
In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits in file sharing software like MOVEit Transfer and GoAnywhere MFT.
In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom.
Hertz acknowledged that it was one of the victims:
“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zeroday vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
We were already aware of the fact, since CL0P posted about it on their leak site.
This leak site is also where the stolen data is available for download. Malwarebytes Labs was unable to figure out how many people were affected, but the number of available archives for download is in the tenfolds.
After a full data analysis, Hertz is sending notifications to affected customers. The type of stolen data varies per customer, but could include:
- Name
- Contact information
- Driver’s license
- Social Security Number (in rare cases according to Hertz)
“A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.”
While Hertz says it’s not aware of any misuse of stolen personal information for fraudulent purposes, it offers affected customers two years of identity monitoring services by Kroll for free.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
- Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your digital footprint
Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.
