Overview

• Hertz has begun notifying affected customers following a data breach through Cleo Communications' file transfer platform between October and December 2024.
• Compromised information includes names, contact details, birthdates, credit card and driver’s license data, and, in some cases, Social Security numbers and government IDs.
• The breach impacted customers across multiple regions, including the U.S., Canada, EU, UK, Australia, and New Zealand, with 3,409 individuals identified in Maine alone.
• Hertz is offering two years of free identity and dark web monitoring services via Kroll and is urging customers to remain vigilant for potential fraud.
• The Clop ransomware gang, linked to the attack, exploited Cleo's zero-day vulnerabilities, which have since been patched, as part of a broader mass-hacking campaign.