April 15, 2025 Hertz has disclosed a data breach resulting from a cyberattack on its vendor, Cleo Communications, which compromised sensitive customer information, including driver’s license and credit card details.
The Clop ransomware gang has reportedly claimed credit for the attackSoon on its dark web leak site, alleging that that it stole data from close to 60 companies by exploiting the bug in their Cleo systems. Cleo helps manage electronic data for a large number of companies. That’s why, in a later post, Clop claimed dozens more alleged corporate victims.
Hertz initially denied the hack, but later confirmed unauthorized access to customer data, such as names, contact information, dates of birth, driver’s license numbers, and payment card information. A smaller subset of customers may have had their Social Security numbers, passport details, or workers’ compensation data exposed.
Hertz explained that its internal systems remained unaffected, but the company became aware of the breach on February 10, 2025, and completed its analysis by April 2.
The breach affects customers across multiple regions, including the U.S., Canada, the EU, the UK, and Australia. In Texas alone, approximately 96,665 customers were impacted.
Hertz has notified law enforcement and regulatory bodies and is offering two years of free identity monitoring services through Kroll to affected individuals. The company advises customers to monitor their accounts for any unauthorized activity.
