• Hertz confirmed a data breach between October and December 2024, exposing customer information such as credit card details, Social Security numbers, and driver’s license data via vulnerabilities in the Cleo Communications platform.
  • The breach may be linked to the Russia-affiliated Clop ransomware gang’s mass-hacking campaign, though the attacker remains unidentified.
  • Hertz is working with law enforcement, has implemented security measures, and advises customers to monitor financial accounts while ensuring no evidence of fraud has been found so far.

Car rental giant Hertz has revealed a data breach that may have compromised sensitive customer information, including credit card details and Social Security numbers. The breach occurred via vulnerabilities in the Cleo Communications file transfer platform between October and December 2024, Hertz confirmed on Feb. 10.

“We deeply regret this incident and understand how concerning it is for our customers,” Hertz stated in a notice posted on its website.

Freedom-Loving Beachwear by Red Beach Nation - Save 10% With Code RVM10

What data was stolen?

Analysis completed on April 2 revealed that customer names, contact information, dates of birth, credit card numbers, driver’s license details, and information tied to workers’ compensation claims may have been accessed. A small number of customers also had their Social Security numbers, passport details, and other government-issued IDs exposed.

Hertz emphasized there is no evidence yet of the stolen data being misused for fraud. The company is working with law enforcement and regulators, while Cleo has patched the vulnerabilities exploited in the attack.

CLICK HERE TO READ MORE FROM THE THE DUPREE REPORT

Following recent reports that Congress is considering a nationwide voter ID requirement for federal elections, do you support requiring voters to show identification before casting a ballot?

By completing the poll, you agree to receive emails from The Dupree Report, occasional offers from our partners and that you've read and agree to our privacy policy and legal statement.

Who’s behind the attack?

The culprit remains unidentified, but Cleo was a target of last year’s mass-hacking campaign linked to the Russia-affiliated Clop ransomware gang. Clop previously listed Cleo and 59 other organizations as victims of its exploits.

What’s next for customers?

Hertz has declined to disclose how many customers were impacted but assures it’s taking all necessary measures to protect data moving forward. “We’re focused on ensuring this doesn’t happen again,” the company added.

While the breach is unsettling, customers can take proactive steps like monitoring financial accounts. Want the latest updates? Follow The Dupree Report on WhatsApp and stay informed.

What are your thoughts on this breach? Share your comments below, and let’s discuss how companies can improve cybersecurity. For more, visit The Dupree Report.

Freedom-Loving Beachwear by Red Beach Nation - Save 10% With Code RVM10