Excerpt from Bleeping Computer Article, Published on Apr 14, 2025.
Hertz, the well-known car rental corporation, has confirmed a significant data breach that compromised sensitive customer information. The incident involved unauthorized access to data from Hertz and its affiliated brands, Thrifty and Dollar, as a result of zero-day vulnerabilities in Cleo’s file transfer platform exploited in October and December 2024.
According to the official statement released by Hertz, the company identified the breach on February 10, 2025. The breach allowed hackers to access a range of personal data, including names, contact details, dates of birth, credit card information, and driver’s license numbers. In some cases, even more sensitive data such as Social Security numbers, government IDs, passport information, and Medicare or Medicaid IDs were exposed, particularly in connection to workers’ compensation claims and accident-related data. Though Hertz has not publicly disclosed the total number of affected customers, reports from Maine’s Attorney General indicate that at least 3,409 individuals in the state have received breach notifications. Similar notifications were also issued in California and Vermont.
While Hertz states that there has been no confirmed misuse of the stolen information, the Clop ransomware gang has leaked the compromised data on its dark web extortion site. The group, which previously targeted platforms like MOVEit Transfer and GoAnywhere MFT, has taken responsibility for attacking Cleo’s systems and stealing data from at least 66 companies, including Hertz. In response to the breach, Hertz is offering two years of free identity monitoring to impacted individuals and is urging customers to stay vigilant for potential fraud attempts. As cybersecurity threats grow more sophisticated, the Hertz data breach underscores the urgent need for companies to secure third-party platforms and take proactive measures to safeguard customer data. Hertz now faces growing pressure to reinforce its cybersecurity defenses and rebuild trust among its global customer base.
To delve deeper into this topic, please read the full article Bleeping Computer.
