Hertz is alerting customers to a data breach involving drivers’ license numbers and other personal information following a hack in its supply chain.
The car-rental company said in a posting on its website that it completed an analysis of the incident on April 2 and determined the affected information may include names, credit-card data, driver’s license information and details related to workers’ compensation claims. The company confirmed in February that attackers obtained Hertz data during a security incident at a vendor, an enterprise software firm Cleo Communications US, according to the posting.
“Our forensic investigation has found no evidence that Hertz’s own network was affected by this event,” according to a statement provided by a company spokesperson on Monday. “However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
Hertz uses Cleo for limited purposes, the car-rental company said.
A ransomware group last year leveraged Cleo technology to target some of the company’s partners, according to the cybersecurity firm Huntress. Cleo in December released an update to address the software flaws.
A representative for Cleo didn’t immediately respond to a request for comment.
TechCrunch previously reported on the security incident.
Photo: Cars on a Hertz car rental lot in Berkeley, California in 2021. Photographer: David Paul Morris/Bloomberg
Topics
Cyber
Was this article valuable?
Here are more articles you may enjoy.
Interested in Cyber?
Get automatic alerts for this topic.
#Hertz #Hackers #Stole #License #Numbers #Credit #Card #Data