Importance Score: 75 / 100 🔴
Data Breach at Hertz Exposes Customer Data, Including Credit Card Details and Social Security Numbers
Major car rental firm Hertz is notifying customers about a significant data breach that may have compromised personal information, including sensitive data such as credit card details and Social Security numbers. This cyber incident affected a third-party vendor and involved the potential theft of customer data. According to a statement published online, Hertz confirmed that company data “was accessed by an unauthorized entity” during a cyberattack that exploited previously unknown security flaws in the Cleo Communications file sharing platform between October 2024 and December 2024.
Details of the Cyberattack and Data Theft
Hertz acknowledged the data security incident on February 10th. A subsequent, more detailed analysis completed on April 2nd revealed the extent of the potential data exposure. The investigation indicated that customer names, contact information, dates of birth, credit card information, driver’s license details, and worker’s compensation claim information may have been potentially compromised in the incident.
The company further stated that a limited number of clients also had their Social Security numbers compromised during the security incident, along with passport numbers and other forms of government-issued identification data.
Hertz’s Response and Investigation
Hertz has stated that the matter has been reported to law enforcement and appropriate regulatory bodies. Cleo Communications has reportedly remedied the security weaknesses that were exploited in the cyberattack.
The online notification regarding the data breach is available in several regions, including the United States, Canada, the European Union, the United Kingdom, and Australia. While Hertz has not disclosed the number of customers affected by this data security event, the company maintains it is “not aware of any fraudulent use of personal data connected to this event.” Inquiries have been made to Hertz seeking clarification and further details on the scope of the breach.
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
Connection to Cleo Communications and Clop Ransomware Group
The perpetrators responsible for the cyberattack remain unidentified. Cleo Communications, a platform utilized by numerous international organizations, was prominently targeted in a large-scale hacking campaign in October of the previous year. The Clop ransomware group, reportedly linked to Russia, asserted responsibility for these incidents. This group previously leaked Cleo company data on its data leak site and claimed to have infiltrated 59 organizations through security flaws in Cleo’s platform.