Hertz, the global car rental company, has revealed that it suffered a data breach, compromising sensitive customer information, including credit card details, driver's license data, and Social Security numbers. The breach occurred between October 2024 and December 2024, affecting one of Hertz's vendors, Cleo Communications, which provides file transfer services.

The extent of the breach is still unclear, but customer notices have been released in multiple countries, including the US, Canada, the European Union, the United Kingdom, and Australia. Hertz claims that it is "not aware of any misuse of personal information" stemming from the breach, but the company has not disclosed the number of customers affected.

The breach was confirmed by Hertz on February 10th, and further analysis on April 2nd revealed that the exposed data includes customers' names, contact information, dates of birth, credit card information, driver's license details, and information related to workers' compensation claims. A small number of individuals also had their Social Security numbers, passport numbers, and other government-issued identification data stolen.

Hertz has reported the incident to law enforcement and relevant regulators, and Cleo has since addressed the identified vulnerabilities. However, the group or individual responsible for the cyberattack remains unknown. Notably, Cleo was targeted by a mass-hacking campaign in October last year, with the Russia-affiliated Clop ransomware gang claiming responsibility for the attacks.

This breach highlights the importance of robust cybersecurity measures, particularly for companies that handle sensitive customer information. The incident also underscores the need for vendors and third-party providers to ensure the security of their platforms, as a single vulnerability can have far-reaching consequences.

The impact of the breach on Hertz's customers and reputation remains to be seen. While the company claims that it is not aware of any misuse of personal information, the exposure of sensitive data can lead to identity theft, financial fraud, and other malicious activities. Hertz has not provided a timeline for notifying affected customers or offering support services, such as credit monitoring or identity theft protection.

In the wake of this breach, customers are advised to monitor their credit reports and financial statements closely, and to report any suspicious activity to the relevant authorities. The incident serves as a reminder for individuals to remain vigilant in protecting their personal information and for companies to prioritize cybersecurity and data protection.