Particle.news
Download on the App Store
12 ARTICLES
·
last wk.

Hertz Notifies Customers of Major Data Breach Tied to Cleo Software Exploit

The car rental giant confirms sensitive customer data was stolen through a vendor cyberattack and begins offering identity monitoring services.

Image
Cars are parked near Hertz car rental signage at John F. Kennedy International Airport in Queens, New York City, U.S., March 30, 2022. REUTERS/Andrew Kelly
Image
A Hertz car rental counter.

Overview

  • Hertz has confirmed that customer data, including credit card details, driver’s license information, and other personal identifiers, was stolen in a breach exploiting Cleo Software vulnerabilities in late 2024.
  • The breach, linked to the Clop ransomware gang, affected customers across multiple regions, including the US, Canada, UK, EU, Australia, and New Zealand.
  • Hertz began notifying affected customers on April 14, 2025, and is offering two years of free identity monitoring services as a precautionary measure.
  • The company reports no evidence of its internal networks being compromised or any misuse of the stolen data for fraudulent purposes so far.
  • Hertz has reported the incident to law enforcement and regulators, while Cleo Software has since addressed the exploited vulnerabilities.