
Hertz Corp., parent of the Hertz, Dollar and Thrifty car-rental brands, on April 2 completed the analysis of a data breach that occurred in late 2024 and that Hertz acknowledged on Feb. 10, according to a notice on its website. The breach involved Cleo Communications U.S., a Hertz vendor that provides a file transfer platform.
An unauthorized third party exploited “zero-day vulnerabilities” within Cleo’s platform in October and December 2024. A zero-day vulnerability is a security flaw that has been disclosed but is not yet patched.
Hertz concluded that the personal information compromised may include the following: name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims.
“A very small number of individuals may have had their social security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event,” according to the Hertz notice.
Hertz added that Cleo “took steps to investigate the event and address the identified vulnerabilities,” reported the breach to law enforcement and is in the process of reporting the event to relevant regulators. In addition, Hertz has retained financial risk firm Kroll to provide two years of identity monitoring or dark web monitoring services to potentially impacted individuals at no cost.
The company said it is not aware of any misuse of personal information for fraudulent purposes in connection with the event.