Hertz, a major car rental company, announced a massive data breach affecting at least 100,000 customers. The breach stemmed from a security vulnerability exploited by hackers at one of Hertz’s vendors, Cleo Communications US.
What Happened?
The breach occurred between October and December 2024, exploiting a zero-day vulnerability in Cleo’s system. This allowed hackers to steal sensitive customer information.
Data Exposed
The stolen data included:
- Names and contact details
- Credit card information
- Driver’s license numbers
A smaller number of customers also had their Social Security numbers, passport information, Medicare/Medicaid IDs, and accident claim details compromised.
Hertz’s Response
Hertz discovered the breach on February 10, 2025, and immediately started investigating. They’ve contacted affected customers and are offering free credit monitoring services. While Hertz hasn’t seen any evidence of fraudulent activity yet, they urge customers to monitor their accounts closely for suspicious activity. Hertz emphasizes that they only used Cleo for limited file transfers.
What Customers Should Do
Hertz advises customers to carefully review their bank and credit card statements and credit reports for any unauthorized activity. Report anything suspicious immediately.
