Hertz Data Breach Exposes Customer Information

CyberGuy has learned that Hertz, the global car rental company, has suffered a data breach affecting thousands of its customers. The incident stems from a cyberattack on one of its third-party vendors, software provider Cleo, between October and December 2024.

The breach did not compromise Hertz's internal systems directly but involved data that had been shared with the vendor as part of its operational workflow. The compromised data varies by region but includes sensitive personal information such as names, dates of birth, contact details, driver's license numbers, and in some cases, Social Security numbers and other government-issued IDs.

The attack highlights the importance of companies being equally rigorous in vetting and monitoring third-party vendors. Cyber risk doesn't always come from a company's own network; it often originates in unseen corners of the digital supply chain.

What You Need to Know

• Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name.
• Monitoring your credit reports regularly can prevent larger financial damage.
• Changing passwords and using a password manager can help protect your accounts tied to compromised data.
• Beware of social engineering attacks, which may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls.

Protecting Yourself

To minimize the impact of this breach, follow these steps:

1. Scrub your data from the internet using a personal data removal service. The more exposed your personal information is online, the easier it is for scammers to use it against you.
2. Safeguard against identity theft and use identity theft protection. Hackers now have access to high-value information from the Hertz breach, including Social Security numbers, driver's license, and bank information. This makes you a prime target for identity theft. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity, and support if your identity is stolen.
3. Set up fraud alerts. Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they'll notify the others.
4. Monitor your credit reports regularly. Check your credit reports regularly through AnnualCreditReport.com, where you can access free reports from each bureau once per year or more frequently if you're concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.
5. Change passwords and use a password manager. Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess, and let a password manager do the heavy lifting by generating secure ones for you.
6. Beware of social engineering attacks. Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive information. Never share personal details over unsolicited calls or emails.

Stay vigilant and take these steps to protect yourself against identity theft and financial loss. Follow me on social media for the latest tech tips, security alerts, and news: Cyberguy.com