Hertz says hackers stole customer data in vendor breach

Hertz is notifying customers that hackers may have stolen personal information including credit card details and Social Security numbers during a data breach on one of its vendors.

In a notice on its website, Hertz said an unauthorized third-party stole data during a cyberattack on Cleo Communications’s file-transfer platform between October 2024 and December 2024.

Hertz, which also owns the Dollar and Thrifty rental brands, said it confirmed the attack on February 10 and concluded April 2 that the information exposed by the breach could have included customers’ names, contact information, dates of birth, credit card information, driver’s license information, and information related to workers’ compensation claims. It added that a small number of customers may have had other identifying details also impacted, including Social Security or other government identification numbers, passport information, Medicare or Medicaid ID, or injury-related information associated with vehicle accident claims.

“While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring free credit reports for any unauthorized activity and reporting any such activity,” the company said in its notice.

It’s unclear exactly how many customers have been impacted. Hertz disclosed the breach to customers in several U.S. states and other countries, including Australia, Canada, the European Union, New Zealand, and the United Kingdom.

Last October, Cleo was hit by a mass-hacking campaign by a large Russian-linked ransomware gang. TechCrunch reported that Cleo had more than 4,200 customers, including retail giant New Balance. At the time, Hertz said that it had “no evidence” that Hertz data or systems were affected.

Cyberattacks are becoming increasingly sophisticated and data breaches are hitting historic levels, according to the World Economic Forum’s Global Cybersecurity Outlook and the Identity Theft Resource Center.

Hertz said that potentially impacted U.S. customers can sign up for identity-monitoring services through Kroll for two years for at no cost.

https://www.fastcompany.com/91317152/hertz-says-hackers-stole-customer-data-in-vendor-breach?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss