Hertz Says Hackers Stole Customer Credit Card and Driver's License Data

Car rental giant Hertz has alerted customers that their personal information, including credit card details and Social Security numbers, may have been stolen in a data breach that impacted one of the firm's vendors.

The extent of the data breach is still unclear, but customer notices have been released in multiple countries, including the US, Canada, the European Union, the United Kingdom, and Australia. Hertz says that company data "was acquired by an unauthorized third-party" during a cyberattack exploiting zero-day vulnerabilities within the Cleo Communications file transfer platform between October 2024 and December 2024.

The data theft was confirmed by Hertz on February 10th, with further analysis on April 2nd concluding that customers' names, contact information, dates of birth, credit card information, driver's license details, and information related to workers' compensation claims may have been exposed by the breach. Hertz also says that "a very small number of individuals" had their Social Security numbers taken in the breach, along with passport numbers and other government-issued identification data.

The incident is being reported to law enforcement and relevant regulators, and Cleo has since addressed "the identified vulnerabilities." However, the group or individual responsible for the cyberattack has not been identified. Hertz has not revealed how many of its customers have been impacted by the breach, but says it is "not aware of any misuse of personal information for fraudulent purposes in connection with the event."

The Russia-affiliated Clop ransomware gang later claimed responsibility for a mass-hacking campaign on Cleo's platform in October last year. The company had previously been targeted by other cyberattacks, and Hertz has now become the latest victim.

Cleo is a widely used file transfer platform that provides services to global organizations. However, its vulnerability to exploitation by zero-day attacks raises concerns about the security of sensitive information.

Customers who have been affected by the breach are advised to monitor their accounts and credit reports closely for any suspicious activity. They can also contact Hertz's customer service team for further guidance and support.

A Call to Action: What You Can Do

If you're a Hertz customer, it's essential to take steps to protect your personal information. Here are some tips:

• Monitor your credit reports and accounts closely for any suspicious activity.
• Contact Hertz's customer service team for further guidance and support.
• Consider placing a fraud alert on your credit reports to prevent identity theft.
• Be cautious when using public Wi-Fi networks or accessing sensitive information online.

What's Next: The Response from Hertz and Law Enforcement

Hertz is taking steps to address the breach, including reporting it to law enforcement and relevant regulators. However, more needs to be done to protect customers' personal information. We will continue to monitor this situation and provide updates as more information becomes available.