Hertz has informed its customers about a data breach that has put personal information at risk, including drivers’ license numbers. The breach occurred due to a hack involving a vendor in Hertz’s supply chain, specifically an enterprise software firm called Cleo Communications US.
In a notice on its website, Hertz explained that it completed an investigation into the incident on April 2. They found that the compromised data could include names, credit card details, drivers’ license information, and information related to workers’ compensation claims. The company confirmed that the attackers accessed Hertz data during a security incident at Cleo.
A spokesperson for Hertz stated that their own network was not compromised in this incident. However, they acknowledged that unauthorized third parties managed to acquire Hertz data by exploiting security vulnerabilities in Cleo’s platform in late 2024. Hertz uses Cleo for limited purposes, but the breach highlights the risks associated with third-party vendors.
Last year, a ransomware group targeted some of Cleo’s partners using the same technology. In response, Cleo released a security update in December to fix the vulnerabilities in their software.
As of now, Cleo has not provided any comments regarding the breach. This incident raises concerns about data security and the importance of safeguarding personal information in an increasingly interconnected digital landscape.