Car rental company Hertz over the weekend confirmed it notified 1,000,175 people of a late-2024 data breach that compromised the following personal information:
- Names
- Contact info
- Payment card info
- Driver’s license info
- Info related to workers’ compensation claims
- Dates of birth
Hertz says the breach also exposed a small number of people’s Social Security numbers, government ID numbers, passport info, Medicare or Medicaid IDs, and injury-related info associated with vehicle accident claims.
Ransomware gang Clop claimed responsibility for the attack. In 2024, Clop hacked dozens of companies by exploiting a zero-day vulnerability in Cleo, a file transfer program used in many enterprise networks. Although Hertz didn’t verify Clop’s claim, it did acknowledge attackers exploited the Cleo vulnerability.
“On February 10, 2025, Hertz confirmed that its data was acquired by an unauthorized third party that Hertz understands exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024,” says Hertz’s notice (PDF) to victims. “Importantly, there is no forensic evidence to date that Hertz’s own network was impacted by the Event.”
We don’t know if Hertz paid a ransom or how much Clop demanded. Comparitech contacted Hertz for comment and will update this article if it replies.
Hertz is offering eligible victims two years of free credit monitoring through Kroll.
Who is Clop?
Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. It’s known for exploiting zero-day software vulnerabilities including those in B2B filesharing software like Cleo, MOVEit, and GoAnywhere. Clop doesn’t always encrypt files. Instead, it demands ransoms solely in exchange for not selling or publishing stolen data.
In 2024, Clop claimed responsibility for 12 confirmed ransomware attacks, plus 71 unconfirmed claims that haven’t been acknowledged by the targeted organizations. Most of Clop’s attacks that exploited the Cleo vulnerability were claimed in 2025—the group has made 331 as-yet unconfirmed claims so far this year.
Other confirmed Clop breaches that exploited Cleo include:
- Chicago Public Schools notified 700,000 people
- Western Alliance Bank notified 22,000 people
- Champion Home Builders (unknown # of victims)
- WK Kellogg (unknown # of victims)
Though more are expected, we confirmed one Clop attack to date in 2025 on Wisconsin manufacturer Uniek.
Ransomware attacks in the USA
Ransomware attacks can both steal data and lock down computer systems, though in Clop’s case, it’s likely just the former. Targeted organizations must pay a ransom or face downtime, data loss, and an increased risk of fraud for their customers.
In 2024, Comparitech researchers logged 773 confirmed ransomware attacks on US organizations, compromising 266.6 million records. The attack on Hertz ranks 16th based on the number of people notified. The average ransom is $2.4 million.
In 2025 to date, we recorded 81 confirmed ransomware attacks that compromised more than 395,000 records. Other recently confirmed attacks include:
- Baskervill & Son notified 728 people of a September 2024 breach claimed by Play
- Empire Group of Reading suffered an attack in January 2025 claimed by Lynx
- Caputo & Company notified 674 people of a March 2025 attack claimed by Akira
- Treston IAC suffered an attack in November 2024 claimed by Hunters International
About The Hertz Corporation
The Hertz Corporation encompasses three car rental brands: Hertz, Dollar, and Thrifty. It is one of the three largest car rental companies in the US with about one third of the total market share, and it operates in about 160 countries. The company filed for bankruptcy in 2020 during the coronavirus pandemic. The company employs roughly 25,000 people, according to external sources.