Security

Critical Data Breach at Hertz: Customers’ Personal Information and Licenses Compromised

tuffbrownboy


Hertz data leaked on Clop data leak site
Red Report 2025

Overview of the Hertz Data Breach

The prestigious car rental company, Hertz Corporation, has been hit by a significant data breach. This incident has compromised critical customer data across its Hertz, Thrifty, and Dollar brands due to zero-day data theft attacks on the Cleo platform.

Details of the Incident

On February 10, 2025, Hertz discovered that unauthorized access to its database was made possible through exploitation of zero-day vulnerabilities that occurred in Cleo’s systems in October and December of the previous year. The full extent of the disclosure describes various personal details that were stolen, ranging widely from customers’ full names to sensitive financial information.

Types of Information Compromised:

  • Full Names and Contact Details
  • Date of Birth and Credit Card Information
  • Driver’s License and Social Security Numbers
  • Passport Details and Government IDs (in specific circumstances)
  • Additional Information from Related Claims

Scope of Impact

Hertz has not officially revealed the complete number of customers affected. However, in Maine alone, it is reported by the Attorney General’s Office that 3,409 individuals have been notified. Additional notifications have been sent out in California and Vermont, though the exact figures from these states remain undisclosed at this time.

Customer Support Measures

Hertz is actively taking steps to mitigate the impact of this breach. They are offering two years of free identity monitoring services to the affected customers and advising vigilance against potential fraud. Despite this precaution, it’s important to note that the Clop ransomware gang, known as the orchestrators of this breach, had previously leaked the company’s data on their extortion site.

Background on the Attackers

The Clop ransomware gang, also known as TA505 and Cl0p, began their operations with ransomware in March 2019. Their tactics have evolved over the years to focus on data theft, particularly exploiting zero-day vulnerabilities in secure file transfer platforms to steal valuable data from high-profile companies.

Conclusion

Hertz is proceeding with thorough investigations and has initiated stronger security measures to safeguard its systems. Customers affected by this breach are advised to monitor their financial transactions closely and report any suspicious activities related to their personal information.

For more detailed updates and advice on protecting your personal information, please visit Hertz’s official Data Breach Notification.

Related: Hertz Data Breach Exposes Customer Details and Driver’s Licenses

Last Updated: April 14, 2025

Post Views: 19

Related Posts