Particle.news
Download on the App Store
7 ARTICLES
·
last wk.

Hertz Confirms Data Breach Exposing Customer Information via Vendor Vulnerability

The breach, linked to the Clop ransomware gang, compromised personal and financial data and prompted Hertz to offer free identity monitoring services to affected customers.

Image
Cars are parked near Hertz car rental signage at John F. Kennedy International Airport in Queens, New York City, U.S., March 30, 2022. REUTERS/Andrew Kelly
What to know about the Hertz data breach.
Image

Overview

  • Hertz disclosed that customer data, including names, contact details, driver's licenses, and payment information, was stolen in a breach tied to Cleo Software's platform vulnerabilities.
  • The breach, which occurred between October and December 2024, exploited zero-day vulnerabilities in Cleo's enterprise file transfer products during a broader Clop ransomware campaign.
  • A small number of customers had highly sensitive information, such as Social Security numbers and government-issued IDs, compromised in the incident.
  • Hertz is notifying affected customers globally, including in the U.S., Canada, the EU, and Australia, and has informed several U.S. states, including Maine and California.
  • As a response, Hertz is offering two years of free identity monitoring services and advises customers to remain vigilant against potential fraud.