Hertz Global Holdings has disclosed a significant data breach involving one of its vendors, Cleo Communications. Attackers exploited zero-day vulnerabilities in Cleo’s file transfer platform to gain unauthorized access to sensitive customer information. The incident occurred between October and December 2024, and Hertz confirmed the breach in early 2025.

What Happened?

Hackers exploited vulnerabilities in Cleo’s enterprise file transfer products, which are widely used for sharing sensitive data over the internet. The compromised data includes customer names, contact information, credit card details, driver’s license information, and, in some cases, Social Security numbers and passport details. Hertz emphasized that its own network was not directly affected, but the vendor’s platform was the entry point for the attack.

The Clop Ransomware Connection

The breach is linked to the Clop ransomware gang, known for targeting zero-day vulnerabilities in secure file transfer platforms. Clop has previously exploited similar vulnerabilities in other platforms like MOVEit Transfer and SolarWinds Serv-U. This gang’s modus operandi involves stealing data and using it for extortion, making this breach part of a larger pattern of attacks on enterprise systems.

Impact on Customers

Hertz has begun notifying affected customers across multiple regions, including the U.S., Canada, the EU, and Australia. While the exact number of impacted individuals remains unclear, Hertz has offered two years of free identity monitoring services to mitigate potential risks. The company has also urged customers to monitor their accounts for signs of unauthorized activity.

Lessons Learned

This breach underscores the importance of robust cybersecurity measures, especially for third-party vendors. Zero-day vulnerabilities are particularly dangerous because attackers exploit flaws that are not yet publicly known, leaving systems defenseless until patches are developed. Companies must prioritize regular security audits, vendor assessments, and employee training to reduce the risk of such incidents.

Additional Insights

  • Vendor Security: Organizations should ensure that their vendors adhere to stringent security protocols and conduct regular vulnerability assessments.
  • Customer Protection: Offering identity monitoring services is a good first step, but companies must also provide clear communication and actionable advice to affected individuals.
  • Global Implications: As cyberattacks become more sophisticated, international cooperation and information sharing are crucial for combating threats like ransomware.

Lessons from Recent Cybersecurity Incidents

The recent Hertz data breach, linked to vulnerabilities in Cleo Communications’ file transfer platform, highlights the growing threat of cyberattacks targeting third-party vendors. Between October and December 2024, hackers exploited zero-day vulnerabilities, compromising sensitive customer data, including names, credit card details, and Social Security numbers. This breach is part of a broader trend of sophisticated cyberattacks, such as those involving the Clop ransomware gang, which has targeted similar platforms like MOVEit Transfer.

Other Recent Breaches

  1. Oracle Cloud Breach (April 2025):
    • Hackers exploited a vulnerability in Oracle’s legacy servers, exposing six million records, including private security keys and encrypted credentials. Oracle initially downplayed the breach, but investigations revealed that some of the compromised data was created as recently as 2024.
  2. New York University (NYU) Breach (March 2025):
    • A hacker accessed NYU’s internal data warehouse, exposing personal information of over three million applicants, including SAT scores, GPAs, and demographic data. The breach raised concerns about data security in academic institutions.
  3. Palau Health Ministry Ransomware Attack (March 2025):
    • The Qilin ransomware group targeted the Ministry of Health, stealing patient data and publishing it online. This attack underscores the vulnerability of healthcare systems to cyber threats.

This incident serves as a stark reminder that cybersecurity is not just an IT issue—it’s a business imperative. For Hertz and other companies, the focus must now shift to rebuilding trust and fortifying defenses against future attacks.

Steps Organizations Can Take to Prevent Breaches

  1. Strengthen Vendor Security:
    • Conduct regular security audits of third-party vendors.
    • Require vendors to adhere to strict cybersecurity standards and implement multi-factor authentication (MFA).
  2. Patch Management:
    • Regularly update software and systems to address known vulnerabilities.
    • Implement automated patch management tools to ensure timely updates.
  3. Data Encryption:
    • Encrypt sensitive data both in transit and at rest to minimize the impact of breaches.
  4. Employee Training:
    • Educate employees on recognizing phishing attempts and other social engineering tactics.
    • Conduct regular cybersecurity awareness programs.
  5. Incident Response Planning:
    • Develop and test incident response plans to ensure quick action during a breach.
    • Use tabletop exercises to simulate real-world attack scenarios.
  6. Network Segmentation:
    • Isolate critical systems from less secure parts of the network to limit the spread of attacks.
  7. Monitoring and Detection:
    • Deploy advanced threat detection tools to identify and respond to suspicious activity.
    • Monitor logs for unusual patterns that may indicate a breach.
  8. Zero Trust Architecture:
    • Implement a zero-trust model, where every access request is verified, regardless of its origin.

Conclusion

The Hertz breach and similar incidents serve as stark reminders of the evolving cyber threat landscape. Organizations must adopt a proactive approach to cybersecurity, focusing on prevention, detection, and response. By learning from these breaches and implementing robust security measures, businesses can better protect their data and maintain customer trust.
