Latest news with #Clop


Fox News
25-04-2025
- Business
- Fox News
Hertz data breach exposes customer information
Most companies use different vendors to run different parts of their business, such as customer management, finances, payroll and social media. To do this, they share access to customer data with these platforms. The issue is that not all vendors take cybersecurity seriously, and hackers are well aware of that. More and more, attackers are going after these weaker links in the digital supply chain. These kinds of breaches often happen quietly, exposing large amounts of customer information without touching a company's main systems. It's becoming a serious concern for both businesses and their customers. One of the latest cases involves Hertz, the car rental giant, which recently confirmed that customer data was exposed because of a cyberattack on one of its software vendors.

Hertz, the global car rental company that also operates Dollar and Thrifty, has disclosed a data breach affecting thousands of its customers. The incident stems from a cyberattack on one of its third-party vendors, software provider Cleo, between October and December 2024. The breach did not compromise Hertz's internal systems directly but involved data that had been shared with the vendor as part of its operational workflow.

The compromised data varies by region but includes sensitive personal information such as names, dates of birth, contact details, driver's license numbers and, in some cases, Social Security numbers and other government-issued IDs. Certain financial information, including payment card details and workers' compensation claims, was also among the stolen records.

In the U.S., disclosures were filed with regulatory bodies in California, Texas and Maine. Specifically, 3,457 individuals were affected in Maine and 96,665 in Texas. The total global impact, however, is believed to be far greater.
Customers in Australia, Canada, the EU, New Zealand and the U.K. were also notified via breach notices on Hertz's regional websites.

The breach is believed to be the work of the Clop ransomware gang, a well-known Russia-linked hacking group. Clop exploited a zero-day vulnerability in Cleo's enterprise file transfer software, technology used by many large organizations to securely transmit sensitive business data. In 2024, the gang launched a mass-hacking campaign targeting Cleo users, ultimately stealing data from more than 60 companies, including Hertz.

Interestingly, while Hertz was named on Clop's dark web leak site in 2024, the company initially stated it had "no evidence" its systems or data had been compromised. When contacted by CyberGuy, a Hertz spokesperson said, "At Hertz, we take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz's own network was affected by this event. However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024."

While Hertz's internal systems were not breached, the exposure of personal data, including driver's license numbers, contact details and government-issued IDs, poses serious risks. Affected individuals may be vulnerable to identity theft, fraudulent account openings and targeted phishing attempts. If Social Security numbers were involved, the potential for harm increases significantly. Anyone who rented from Hertz, Dollar or Thrifty between October and December 2024 should be on high alert.

If you think you were affected or just want to be cautious, here are some steps you can take right now to stay safe from the Hertz data breach.

1. Watch out for phishing scams and use strong antivirus software: With access to your email, phone number or identification documents, attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program.

2. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the Hertz breach, consider removing your information from public databases and people-search sites.

3. Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the Hertz breach, including Social Security numbers, driver's license and bank information. This makes you a prime target for identity theft. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. These services can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they'll notify the others. This adds another layer of protection without completely freezing access to credit.

5. Monitor your credit reports: Check your credit reports regularly through where you can access free reports from each bureau once per year or more frequently if you're concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.

6. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security.

7. Be wary of social engineering attacks: Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.

Cyber risk doesn't always come from a company's own network. It often originates in unseen corners of the digital supply chain. Even as companies double down on internal cybersecurity, they must be equally rigorous in how they vet and monitor third-party vendors. For consumers, it's no longer enough to trust the big brand on the label. The data trail is wider, the attack surface larger and the consequences far more opaque.

If companies can't protect our data, should they be allowed to collect so much of it?
Yahoo
15-04-2025
- Automotive
- Yahoo
Aussies' data, including passports compromised
Hertz Corporation customer data has been impacted after file-sharing platform Cleo was compromised by a cyber extortion operation in October last year. Although the third-party incident occurred last year, it was only confirmed this month that Australian customers may be impacted by the attack conducted by cybercriminal organisation Clop. Passports, driver's licenses, card information and other private details such as name, date of birth, phone numbers, and email addresses could now be exposed.

Clop previously published the compromised data on its site, along with other Australian companies on the hit list, such as Steelblue, Linfox and Ampol. 129 Zip archives of Hertz data are currently sitting on Clop's dark web leak site. 'The company doesn't care about its customers, it ignored their security!!!' Clop said on the post containing the Hertz leak.

In a Notice of Data Incident statement, Hertz Australia reassured customers. 'Hertz takes the privacy and security of personal information seriously,' the statement read. It goes on to outline that Cleo has now investigated the event and addressed identified vulnerabilities. Hertz has also reported the incident to law enforcement and is in the process of reporting the event to regulators.

'Out of an abundance of caution' Hertz said it has also secured the services of cybersecurity company Kroll to provide two years of identity monitoring services to potentially impacted individuals at no cost. However, the car rental company told potential victims to stay vigilant. 'While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring credit reports for any unauthorized activity and reporting any such activity.'
A Hertz spokesperson said: 'At Hertz, we take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz's own network was affected by this event. However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024.'
Yahoo
08-04-2025
- Business
- Yahoo
WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw
This story was originally published on Cybersecurity Dive.

WK Kellogg Co. confirmed that at least one employee was affected in a December hack related to a vulnerability in Cleo file-transfer software, according to a regulatory filing with the Maine Attorney General's office. The Michigan-based breakfast cereal company said Cleo servers, which were used to transfer employee files, were hacked on Dec. 7. WK Kellogg said it first learned of the hacking incident on Feb. 27. The breached data included the name and Social Security number of one employee based in Maine. However, it is not immediately known if the personal data of other employees was also breached.

As previously reported, critical flaws in Cleo file-transfer software came under mass exploitation in December. Cleo originally released a patch in October 2024 to address an unrestricted file upload and download vulnerability, tracked as CVE-2024-50623, in Cleo Harmony, VLTrader and LexiCom file-transfer products. However, security researchers found the patch did not offer adequate protection from hacking. A second vulnerability, tracked as CVE-2024-55956, was discovered in December; it allows unauthenticated users to import or execute arbitrary bash or PowerShell commands.

Researchers from Arctic Wolf said in December that Cleo MFT products were being exploited as part of an effort to deploy Java-based backdoors. 'At the time of publication, the motivations of the threat actors had not been fully elucidated,' a spokesperson for Arctic Wolf said via email. 'Since then, [Clop] has published a message on their leak site claiming responsibility for some of the ransomware threat activity targeting organizations running Cleo products.'

Researchers at Mandiant traced a cluster of malicious activity to a threat actor tracked as FIN11, which overlaps with the Clop ransomware gang. Clop is most widely known as the group linked to the widespread attacks on MOVEit file-transfer software in 2023. Just last week, Sam's Club said it was investigating a potential attack after Clop referenced the company on its leak site.

A spokesperson for WK Kellogg was not immediately available for comment.


Forbes
08-04-2025
- Business
- Forbes
Clop Ransomware Hack Of WK Kellogg Shows Growing Threat To Your Data
Today, personal information flows through countless digital systems, and a single vulnerability can expose the data of thousands—or even millions—of individuals. That is exactly what is happening now with a ransomware group called Clop, which is behind one of the most aggressive cybercrime waves in recent memory.

Clop has been exploiting vulnerabilities in Cleo, a popular file transfer software used by over 4,000 organizations worldwide, including its latest victim, WK Kellogg Co.—the American food giant behind brands like Froot Loops, Corn Flakes, and Frosted Flakes. In a recent notification, WK Kellogg confirmed that attackers gained unauthorized access to servers used to transfer sensitive employee files. Among the data stolen were names and Social Security numbers—details that can be used for identity theft, fraud, and more.

This breach is not an isolated incident. Clop has published a list of over 66 affected companies on its dark web extortion site, threatening to leak stolen data unless ransom demands are met. The leaked information often includes personal customer or employee data, putting everyday people at risk—whether or not they have ever heard of Cleo or Clop.

The Clop group has a history of targeting file transfer tools; in 2023, they exploited a zero-day vulnerability in the MOVEit Transfer software, impacting over 300 organizations and compromising the personal data of approximately 93.3 million individuals. Similarly, in 2021, Clop exploited vulnerabilities in Accellion's File Transfer Appliance, leading to data breaches at multiple organizations, including the Reserve Bank of New Zealand and the University of California system. This type of ransomware does not rely on victims clicking malicious emails or attachments. Instead, attackers actively search for and exploit weaknesses in trusted enterprise software to gain access to sensitive data.

It is easy to assume that large-scale cyberattacks only affect corporations, but the truth is the consequences often trickle down to individuals. When ransomware groups like Clop breach major companies, they do not just steal internal documents—they often walk away with sensitive personal data belonging to employees, vendors, and customers. This information can include names, addresses, phone numbers, email addresses, and, in many cases, Social Security numbers or other government-issued IDs. Once stolen, this data becomes a tool for cybercriminals to commit identity theft, financial fraud, and phishing scams. Your SSN, for example, can be used to open new credit cards, take out loans in your name, or file fraudulent tax returns—often without you realizing it until the damage is done.

What makes these breaches even more dangerous for home users is that the fallout does not always happen right away. Hackers often sit on the stolen data for months before leaking or selling it on the dark web. By the time your information is being misused, the company may have long since issued its public breach notification, and you might never connect the fraud to the original incident. Even if you have never heard of the company that was breached, your personal data could still be involved if your employer, healthcare provider, or service vendor uses the compromised platform or software.

While you cannot stop ransomware attacks targeting large companies, there is a lot you can do to protect yourself from the fallout. Here are practical steps every home user should take:

Use tools like to find out if your email or phone number has appeared in known data breaches. If a company you do business with has been breached, monitor your email or physical mail for official notices—especially from banks, healthcare providers, or your employer.

If a breach involves personal information like your Social Security number, enroll in free identity protection services if offered. Companies like WK Kellogg often partner with providers like Kroll to help affected individuals. Also, consider placing a fraud alert or even a security freeze with the three major credit bureaus: Equifax, Experian, and TransUnion.

After a breach, scammers may impersonate the affected company to trick you into clicking malicious links. Always verify suspicious messages by visiting the company's official website or contacting their customer support directly—never trust links in unsolicited emails or texts.

Change your passwords for any accounts linked to the breach. Use a password manager to create strong, unique passwords for every site. Always enable MFA where available for added protection.

Cybercriminals exploit outdated software. Regularly update your devices, browsers, and apps to fix security holes.
Yahoo
06-02-2025
- Business
- Yahoo
Nuspire's Q4 and Full Year 2024 Cyber Threat Report Highlights 46% Surge in Ransomware Activity and Rising Exploit Attempts
COMMERCE, Mich., Feb. 6, 2025 /PRNewswire/ -- Nuspire, a leading managed security services provider (MSSP) and a PDI Technologies company, today released its Q4 and Full Year 2024 Cyber Threat Report, providing a comprehensive analysis of the evolving cyber threat landscape. The latest report reveals a significant increase in ransomware extortion publications, a shift in ransomware group dominance, and a continued rise in exploit attempts.

Clop Ransomware Surges as Top Threat Actor

According to the report, ransomware extortion publications rose by 46% compared to Q3, with Clop ransomware emerging as the most active group, surpassing RansomHub. Clop, known for its double-extortion tactics, leveraged multiple zero-day vulnerabilities throughout Q4, significantly impacting the Professional & Technical Services industry, which remained the most targeted sector.

"The sharp increase in ransomware extortions in Q4 2024, particularly from Clop, signals an alarming escalation in cybercriminal operations," said Justin Heard, Director of Security Operations at Nuspire. "Threat actors continue to evolve their tactics, making it critical for organizations to enhance their proactive threat detection capabilities and incident response strategies, and we will continue to watch this in 2025."

Key Findings from Nuspire's Q4 2024 Cyber Threat Report

Ransomware Trends
- 2,247 ransomware extortion publications were reported, a 46% increase from Q3 2024.
- Clop overtook RansomHub as the most active ransomware group, while Akira, Funksec, and Bashe entered the top five.
- Finance & Insurance emerged as the third-most targeted industry, rising from fifth place in Q3 2024.

Exploit Activity
- Exploit attempts increased by 72% compared to Q3 2024, with 29,180,763 exploit events detected.
- Hikvision camera vulnerabilities (CVE-2021-36260) and Bash vulnerabilities (CVE-2014-6271) saw significant increases in exploitation attempts (56% and 77%, respectively).
- Firewall and VPN technologies remain top targets, as cybercriminals seek to bypass perimeter defenses.

Dark Web Trends
- Dark web marketplace listings decreased by 32% from Q3 2024, with 1,316,660 raw log listings and 590,762 credit card listings available for sale.
- Lumma Stealer, a persistent malware-as-a-service (MaaS) infostealer, continued to thrive, harvesting sensitive data for resale on illicit marketplaces.

"Cybercriminals are refining their attack strategies, targeting critical infrastructure and high-value data sources," said Josh Smith, Principal Threat Intelligence Analyst at Nuspire. "Organizations must remain vigilant, employing a combination of AI-driven threat intelligence, robust patch management, and employee security training to mitigate these evolving risks."

Mitigation and Security Recommendations

To help businesses combat the latest cyber threats, Nuspire recommends:
- Enhancing endpoint detection and response (EDR) solutions to swiftly detect and contain ransomware attacks.
- Implementing dark web monitoring to identify compromised credentials and data before they are weaponized.
- Applying timely system patches to protect against newly discovered exploits, particularly in remote access technologies.
- Strengthening cybersecurity awareness training to reduce the risk of phishing-based ransomware infections.

Access the complete report online at Nuspire's Q4 and Full Year 2024 Cyber Threat Report.

About PDI Security and Network Solutions

With over 25 years of expertise, PDI Security and Network Solutions (formerly known as Nuspire) is redefining cybersecurity and network management through intelligent unification and unparalleled protection. The company delivers fully managed security and network services, including managed detection and response (MDR), endpoint detection and response (EDR), Firewall as a Service, 5G as a Service, and Wi-Fi as a Service. The technology-agnostic platform seamlessly integrates human expertise, advanced AI, and innovative technologies, providing holistic visibility across security and network infrastructure. Staffed by highly trained security experts, PDI 24/7 SOCs help organizations stay ahead of emerging threats while optimizing their technology investments.

SOURCE PDI Technologies