Hertz says hackers stole customer credit card and driver’s license data

Hertz says it’s “not alert of immoderate misuse of idiosyncratic information” stemming from the breach. | Image: Getty Images

Car rental elephantine Hertz is alerting customers that idiosyncratic accusation including recognition paper details and Social Security numbers whitethorn person been stolen successful a information breach that impacted 1 of the firm’s vendors. In a announcement posted to its website, Hertz says that institution information “was acquired by an unauthorized third-party” during a cyberattack exploiting zero-day vulnerabilities wrong the Cleo Communications record transportation level betwixt October 2024 and December 2024.

The information theft was confirmed by Hertz connected February 10th, with further investigation connected April 2nd concluding that customers’ names, interaction information, dates of birth, recognition paper information, driver’s licence details, and accusation related to workers’ compensation claims whitethorn person been exposed by the breach. Hertz besides says that “a precise tiny fig of individuals” had their Social Security numbers taken successful the breach, on with passport numbers and different government-issued recognition data.

Hertz says that the incidental is being reported to instrumentality enforcement and applicable regulators, and that Cleo has since addressed “the identified vulnerabilities.”

The website announcement is viewable crossed aggregate regions, including the US, Canada, the European Union, the United Kingdom, and Australia. Hertz has not revealed however galore of its customers person been impacted by the breach but says it is “not alert of immoderate misuse of idiosyncratic accusation for fraudulent purposes successful transportation with the event.” We person asked Hertz to clarify however galore customers are affected.

The radical oregon idiosyncratic liable for the cyberattack has not been identified. Cleo, which is utilized by a wide scope of planetary organizations, was notably targeted by a mass-hacking run successful October past year. The Russia-affiliated Clop ransomware pack aboriginal claimed work for those attacks, leaking Cleo institution information connected its extortion tract and listing 59 organizations it claimed to person breached via vulnerabilities successful Cleo’s platform.