Skip to main content
Customer Support Customer Support

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

April 15, 2025 By Zeljka Zorz

 

American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang.

Hertz sata breach

The breach resulted in information of an unknown number of customers of Hertz and Hertz’s subsidiaries Dollar and Thrifty to be compromised.

Hertz data breach notifications

“Cleo is a vendor that provides a file transfer platform used by Hertz for limited purposes,” the company shared – though it did not specify what those limited purposes were.

“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”

Hertz, which operates in 160+ countries around the world under various brands, has published notices aimed at customers in the US, EU, Canada, UK and Australia.

According to those notices, the following type of information was compromised:

  • US individuals: name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims compromised. “A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event,” Hertz added
  • UK individuals: name, contact information, date of birth, driver’s license information and payment card information
  • Canadian individuals: name, contact information, date of birth, credit card information and driver’s license information. Some of them “may have had their government identification numbers, injury-related information associated with vehicle accident claims or information related to worker’s compensation claims” compromised
  • Australian and EU individuals: name, contact information, date of birth, driver’s license information and payment card information. Some of them may have had their passport information compromised

 

>>Full Article<<

    0 replies

    Be the first to reply!

    Reply


    Terms & Conditions