Hertz Data Breach: Customer Data and Driver's Licenses Stolen

Hertz Data Breach Impacts Customer Information

Hertz, a leading car rental company, has initiated notifications to its customer base regarding a significant data breach. This incident involved the compromise of personal information, including driver’s license details.

Breach Details and Timeline

The rental firm, which also encompasses the Dollar and Thrifty brands, detailed the breach in website notices. It stems from a cyberattack targeting one of its vendors between October 2024 and December 2024.

The specific data exposed varies depending on the geographic location of the affected customers. However, it generally includes customer names, dates of birth, contact details, driver’s license numbers, and payment card information.

Types of Data Compromised

Furthermore, information related to workers’ compensation claims was also potentially accessed. A subset of customers experienced the exposure of their Social Security numbers and other government-issued identification numbers.

Geographic Scope of the Breach

Hertz has disclosed the breach to customers in several regions, including Australia, Canada, the European Union, New Zealand, and the United Kingdom.

Within the United States, breach notifications were also made to multiple state authorities, such as California, Maine, and Texas. At least 3,400 customers in Maine were impacted, alongside approximately 96,665 customers in Texas.

Affected Customer Numbers

While the total number of individuals affected remains undisclosed, Hertz spokesperson Emily Spencer indicated to TechCrunch that it would be inaccurate to suggest the impact reached millions of customers.

Vendor Responsibility: Cleo

The company has attributed the security incident to a vendor, Cleo, a software provider. Cleo was previously the target of a large-scale hacking operation orchestrated by a ransomware group with ties to Russia in the prior year.

Clop Ransomware Gang Involvement

Hertz is among numerous organizations that utilized Cleo’s software when the data thefts occurred. The Clop ransomware gang exploited a previously unknown vulnerability – a zero-day exploit – within Cleo’s enterprise file transfer products.

These products are designed to facilitate the secure sharing of large datasets over the internet. By compromising these systems, the attackers were able to steal substantial amounts of data from Cleo’s clientele.

Widespread Impact of the Clop Campaign

The Clop ransomware group initially claimed responsibility for data breaches at nearly 60 companies, leveraging the vulnerability in Cleo’s systems. Subsequent posts indicated an even larger number of alleged victims.

This data extortion campaign quickly became one of the most significant mass-hacking events of 2024.

Previous Hertz Statements

Previously, when Hertz was listed as a victim on the Clop site, the company stated it had found no evidence of compromised data or systems.

Current Assessment

However, on Monday, Hertz’s spokesperson informed TechCrunch that while their own network wasn’t directly affected, they confirmed that customer data had been obtained by an unauthorized party. This party exploited the zero-day vulnerabilities within the Cleo platform during October and December 2024.

Cleo has not yet responded to inquiries from TechCrunch regarding this matter.

This article was updated on April 15 to reflect a new breach filing in Texas.