Hertz Confirms Data Breach Exposing Sensitive Customer Information

The breach, linked to vulnerabilities in a vendor's software, affected at least 3,400 customers in Maine with the total impact still under investigation.

• Hertz has disclosed a data breach involving personal customer information, including driver’s licenses and, in some cases, Social Security numbers.
• The breach occurred between October and December 2024, exploiting zero-day vulnerabilities in Cleo Software’s platform, a vendor used by Hertz.
• At least 3,400 customers in Maine have been impacted, though the total number of affected individuals remains unclear.
• Hertz has notified regulatory bodies and customers across multiple regions, including the U.S., Canada, Australia, and the European Union.
• The incident highlights the growing risks of third-party software vulnerabilities, with Cleo previously targeted in a mass-hacking campaign by the Clop ransomware gang.

4 Articles

TechCrunch BleepingComputer The Verge