Most recently, Cleo Software had to deal with a massive cyberattack. The incident is adding to the suspicion that the Russia-linked Clop ransomware gang is responsible. The attackers used a zero-day in Cleo’s enterprise file transfer products in private and corporate environments as well. The fallout from this breach impacted the sensitive data of millions of corporate customers including the car rental giant Hertz.
The breach occurred sometime between October and December 2024. Its scale and the nature of the compromised data have garnered unprecedented attention. On Wednesday, the Clop ransomware gang claimed they had successfully exploited that vulnerability. This breach affected almost 60 organizations that relied on Cleo’s software to move millions of sensitive data sets over the internet. As products purposely built to ensure secure and compliant data sharing, this breach is all the more alarming for users of Cleo.
Besides Social Security numbers, the stolen data includes names, addresses, dates of birth, and driver’s license information. This involves customer IDs, names, dates of birth, contact details, driver’s licenses, and payment card data. The implications of such a breach extend beyond immediate financial risks, as it raises questions about the security measures employed by companies that handle sensitive customer data.
At the time of the hack, Cleo Software’s offerings were adopted by hundreds of firms in dozens of industries. Hertz, as one of these clients, now faces potential repercussions from the data breach in light of the sensitive information that may have been compromised. This incident has raised serious questions about whether or not companies are doing enough to protect their sensitive data while utilizing third-party software solutions.
Cleo Software’s lack of communication with TechCrunch to validate this breach only adds more confusion. Bad communication can lead to increased pressure from impacted businesses. More importantly, it can bring the ire of enforcement agencies charged with monitoring data protection and security regulations.
The Clop ransomware gang has made headlines for its extreme tactics and high-profile attacks over the past several years. This makes this incident one of hardest-hitting mass hacks of 2024 so far. Yet, it underscores the growing peril posed by cybercriminal syndicates that learn to take advantage of weaknesses in commonly adopted software products.
Leave a Reply