Hertz Hackers Obtained Customers' Personal Information and License Records | Carscoops
Hertz has reported that it experienced a cyberattack between October and December 2024.
During this incident, some drivers’ social security numbers, along with their names and payment details, were compromised.
The company attributes its exposure to vulnerabilities in software from Cleo, the provider of its file transfer system.
Each year, Hertz rents out its cars and vans millions of times, gathering sensitive information from numerous customers in the U.S. and worldwide. Recently, Hertz announced that some of this personal data was accessed in a cyberattack last fall.
In a statement on its website, Hertz indicated that hackers exploited zero-day vulnerabilities in software supplied by Cleo Communications, a U.S.-based firm. Cleo's file transfer platform is designed to allow companies like Hertz to handle large amounts of customer data securely, but in February, Hertz learned that driver data had been stolen in October and December of the previous year.
Hertz claims that the stolen data may include names, contact details, dates of birth, driver's license information, and payment card data. It also acknowledged that some renters might have had their social security numbers and Medicare or Medicaid IDs accessed, as well as passport information.
The rental company has not specified the total number of customers affected by the breach but told TechCrunch that it would be "inaccurate to say millions." However, they acknowledged that at least 3,400 customers in Maine were impacted, with additional customers in other states, including California, according to TechCrunch.
Furthermore, the presence of customer alert notices on various Hertz websites globally suggests that the breach extends beyond the U.S., affecting customers in the UK, the European Union, Australia, Canada, and New Zealand.
Hertz has informed law enforcement about the incident and is notifying regulators. While it has not detected any misuse of customer information, the company has enlisted the services of cyberattack experts Kroll to offer two years of identity monitoring services at no cost to potentially affected individuals.
This incident is not the first involving Cleo's file transfer technology; last year, a ransomware group with ties to Russia targeted Cleo's systems used by multiple companies.
Other articles
Ferrari F40, Rolls-Royce Wagon, Singer 911: Exploring Dario Franchitti’s Garage
The three-time Indy 500 champion mentioned that his F40 still makes him feel exhilarated and explained how his Singer was influenced by his father's 930 Turbo.
Reasons Behind Tesla's Withdrawal of Model S and X from China | Carscoops
The trade war between the US and China has already resulted in its first casualties, and ironically, they are from one of Trump's staunchest supporters.
He Received a Complimentary Toyota After Driving 1 Million Miles, and Now He's Reached Another Million | Carscoops
Let's hope Toyota hears about the milestone and rewards Sheppard with a second complimentary Tundra.
The 2026 Audi A6 is even more aerodynamic than the R8.
With a drag coefficient of 0.23, the new 362-hp A6 is nearly as aerodynamic as a Porsche Taycan, despite Audi having to accommodate an engine in its design.
Audi Has Recently Revealed Its Most Aerodynamic Sedan to Date | Carscoops
The four-door 2026 A6 sedan, which will be available alongside the station wagon in Europe, draws design cues from the A7.
The 2,000-HP Lotus Evija Is the Fastest Lotus to Date, but Interest Appears Minimal.
Top Gear experienced the thrilling Lotus Evija EV, and although it offers an undeniably exhilarating driving experience, the circumstances are decidedly not in its favor.
Hertz Hackers Obtained Customers' Personal Information and License Records | Carscoops
Hertz stated that the cyberattack exposed drivers' names, birth dates, contact details, and credit card information.