Hertz Says Hackers Stole License Numbers, Credit Card Data

The car-rental company Hertz has alerted customers to a significant data breach involving drivers' license numbers and other personal information following a hack in its supply chain. The news came as a shock to many, as the company recently confirmed that attackers obtained Hertz data during a security incident at a vendor, Cleo Communications US.

According to a statement provided by Hertz on Monday, the affected information may include names, credit-card data, driver's license information, and details related to workers' compensation claims. The company has completed an analysis of the incident on April 2 and determined that its own network was not directly affected by the event.

However, Hertz has confirmed that it is among many other companies whose data was acquired by an unauthorized third party. This party is believed to have exploited zero-day vulnerabilities within Cleo's platform in October and December 2024. The car-rental company uses Cleo for limited purposes, but a ransomware group had previously leveraged the software technology to target some of its partners.

It's worth noting that Cleo released an update in December to address the software flaws. A representative for Cleo did not immediately respond to a request for comment. TechCrunch previously reported on the security incident, highlighting the vulnerability of companies like Hertz to cyber attacks.

Cars on a Hertz car rental lot in Berkeley, California in 2021. Photographer: David Paul Morris/Bloomberg

What You Need to Know:

• Monitor your accounts and credit reports for any suspicious activity • Consider placing a credit freeze to prevent unauthorized access to your information • Review your personal data with Hertz to ensure it's accurate and up-to-date

Stay Informed:

Get automatic alerts for this topic by signing up for our newsletter. We'll keep you updated on any developments in this story and provide expert analysis and insights.