Data leak

Hertz Cleo MFT Clop Breach (100K+ Customers including Thrifty and Dollar)

2024-12-01 · Cleo Harmony; Cleo VLTrader; Cleo LexiCom · CVE-2024-50623 · CVE-2024-55956

Incident Details

Hertz Corporation disclosed in April 2025 that customer data had been stolen in attacks that exploited vulnerabilities in Cleo managed file transfer (MFT) software in approximately December 2024 and January 2025. Clop confirmed responsibility for the Cleo MFT exploitation campaign. Data confirmed stolen included customer names, dates of birth, driver's license numbers, credit card information, Social Security numbers, passport numbers, and Medicare/Medicaid identifiers. The breach affected Hertz brand customers and those of subsidiary brands Thrifty and Dollar. In Texas alone, over 96,000 notifications were filed; the total number of affected individuals is estimated at over 100,000. Hertz began notifying affected individuals on April 11, 2025. The incident is part of the broader Cleo MFT zero-day campaign by Clop that affected dozens of companies; see also 2024-12_cleo-mft-clop.yaml for the campaign-level entry.

Technical Details

Initial Attack Vector
The Clop ransomware group exploited zero-day vulnerabilities in Cleo Harmony, VLTrader, and LexiCom managed file transfer software (CVE-2024-50623, CVE-2024-55956) to access Hertz's file transfer infrastructure.
Vendor / Product
Cleo Harmony; Cleo VLTrader; Cleo LexiCom
CVE / GHSA References
CVE-2024-50623; CVE-2024-55956

Timeline

  1. 2024-12-01 Breach occurred
  2. 2025-04-11 Publicly disclosed
  3. 2025-04-11 Customers notified