Cybercrime hits another major Aussie company—here’s what you need to know
- Replies 3
Data breaches are becoming all too common in today’s interconnected world—but when personal documents and identity information are suddenly at risk, the stakes feel much higher.
A recent development has uncovered a troubling situation involving a well-known car rental company, cybercriminals, and a third-party platform.
What started as a behind-the-scenes cybersecurity incident has now come to light, revealing a situation with potentially serious consequences for Australian customers.
A cyber extortion attack on file-sharing service Cleo in October 2024 had far-reaching consequences, with Hertz Australia now confirming that local customer data had been caught up in the breach.
Although the incident took place last year, it was only confirmed in April 2025 that Australians were among those affected by the hack orchestrated by the cybercriminal group Clop.
Clop had listed 129 Zip archive files allegedly containing Hertz customer data on its dark web leak site.
Passports, driver’s licences, card details, and other sensitive personal data such as names, dates of birth, phone numbers, and email addresses were believed to be included in the exposed files.
‘The company doesn’t care about its customers, it ignored their security!!!’ Clop wrote in the leak post targeting Hertz.
Other Australian companies also appeared on Clop’s hit list, including Steelblue, Linfox, and Ampol.
Hertz stated that the breach stemmed from vulnerabilities in Cleo, a third-party platform used for file transfers.
‘At Hertz, we take the privacy and security of personal information seriously,’ a spokesperson said.
‘This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes.’
‘Importantly, to date, our forensic investigation has found no evidence that Hertz’s own network was affected by this event.’
‘However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.’
Hertz issued a Notice of Data Incident to reassure customers of the steps being taken.
‘Hertz takes the privacy and security of personal information seriously,’ the statement read.
The company confirmed that Cleo had completed an internal investigation and addressed the vulnerabilities that led to the breach.
The incident was reported to law enforcement authorities and Hertz also advised it was notifying regulators.
According to them: ‘While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring credit reports for any unauthorized activity and reporting any such activity.’
As a precaution, Hertz engaged cybersecurity firm Kroll to provide two years of complimentary identity monitoring services for those potentially affected.
The car rental company also warned customers to remain alert for signs of identity theft or suspicious financial activity.
The data leak has added to growing concerns about the security of third-party platforms used by major companies.
Clop’s decision to publicly shame victims on its site highlighted the aggressive tactics cybercriminals were using to pressure companies.
In a previous story, we looked at how weak passwords can make it easier for hackers to access your personal information.
With breaches like this becoming more frequent, securing your accounts is more important than ever.
Read the full list of passwords you should stop using immediately.
With personal data now being treated like currency on the dark web, do you think companies are doing enough to protect customer information? Let us know your thoughts in the comments.
A recent development has uncovered a troubling situation involving a well-known car rental company, cybercriminals, and a third-party platform.
What started as a behind-the-scenes cybersecurity incident has now come to light, revealing a situation with potentially serious consequences for Australian customers.
A cyber extortion attack on file-sharing service Cleo in October 2024 had far-reaching consequences, with Hertz Australia now confirming that local customer data had been caught up in the breach.
Although the incident took place last year, it was only confirmed in April 2025 that Australians were among those affected by the hack orchestrated by the cybercriminal group Clop.
Clop had listed 129 Zip archive files allegedly containing Hertz customer data on its dark web leak site.
Hertz customer data listed on dark web. Image source: Hertz
Passports, driver’s licences, card details, and other sensitive personal data such as names, dates of birth, phone numbers, and email addresses were believed to be included in the exposed files.
‘The company doesn’t care about its customers, it ignored their security!!!’ Clop wrote in the leak post targeting Hertz.
Other Australian companies also appeared on Clop’s hit list, including Steelblue, Linfox, and Ampol.
Hertz stated that the breach stemmed from vulnerabilities in Cleo, a third-party platform used for file transfers.
‘At Hertz, we take the privacy and security of personal information seriously,’ a spokesperson said.
‘This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes.’
‘Importantly, to date, our forensic investigation has found no evidence that Hertz’s own network was affected by this event.’
‘However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.’
Hertz issued a Notice of Data Incident to reassure customers of the steps being taken.
‘Hertz takes the privacy and security of personal information seriously,’ the statement read.
The company confirmed that Cleo had completed an internal investigation and addressed the vulnerabilities that led to the breach.
The incident was reported to law enforcement authorities and Hertz also advised it was notifying regulators.
According to them: ‘While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring credit reports for any unauthorized activity and reporting any such activity.’
As a precaution, Hertz engaged cybersecurity firm Kroll to provide two years of complimentary identity monitoring services for those potentially affected.
The car rental company also warned customers to remain alert for signs of identity theft or suspicious financial activity.
The data leak has added to growing concerns about the security of third-party platforms used by major companies.
Clop’s decision to publicly shame victims on its site highlighted the aggressive tactics cybercriminals were using to pressure companies.
In a previous story, we looked at how weak passwords can make it easier for hackers to access your personal information.
With breaches like this becoming more frequent, securing your accounts is more important than ever.
Read the full list of passwords you should stop using immediately.
With personal data now being treated like currency on the dark web, do you think companies are doing enough to protect customer information? Let us know your thoughts in the comments.
.png){kind=icon}
