Particle.news

Download on the App Store

Hertz Confirms Customer Data Breach Linked to Vendor Cyberattack

The breach, exploiting Cleo Communications' zero-day vulnerabilities, exposed sensitive customer information, with no evidence of misuse reported so far.

Image
Cars are parked near Hertz car rental signage at John F. Kennedy International Airport in Queens, New York City, U.S., March 30, 2022. REUTERS/Andrew Kelly
Image
A Hertz car rental counter.

Overview

  • Hertz has begun notifying affected customers following a data breach through Cleo Communications' file transfer platform between October and December 2024.
  • Compromised information includes names, contact details, birthdates, credit card and driver’s license data, and, in some cases, Social Security numbers and government IDs.
  • The breach impacted customers across multiple regions, including the U.S., Canada, EU, UK, Australia, and New Zealand, with 3,409 individuals identified in Maine alone.
  • Hertz is offering two years of free identity and dark web monitoring services via Kroll and is urging customers to remain vigilant for potential fraud.
  • The Clop ransomware gang, linked to the attack, exploited Cleo's zero-day vulnerabilities, which have since been patched, as part of a broader mass-hacking campaign.