On February 10, 2025, Hertz Corporation confirmed a data breach affecting its Hertz, Thrifty, and Dollar brands. The breach was traced back to zero-day vulnerabilities in the Cleo Communications platform, exploited in October and December 2024.
What happened?
Hackers exploited flaws in Cleo’s managed file transfer (MFT) software to access sensitive customer data, including contact info, credit card details, and driver’s license numbers. A smaller subset may have had SSNs or passport data exposed.
What is being done?
Hertz is actively working with cybersecurity experts and has notified impacted customers. No signs of fraud have been reported so far.
Reminder to all businesses:
Keep third-party software up to date
Apply security patches promptly
Monitor for abnormal data access patterns
This breach highlights the growing risks in the digital supply chain. If you’re using Cleo or other MFT solutions, double-check your security posture today.
Thanmay Sarath is a Mensa member, ethical hacker, entrepreneur, and technologist passionate about cybersecurity and innovation. A researcher, international speaker, and published author, he works at the intersection of technology, security, and social impact, helping organizations and communities stay safe in an increasingly digital world.