Hertz data breach exposes customer information

Most companies usage antithetic vendors to tally antithetic parts of their business, specified arsenic lawsuit management, finances, payroll and societal media. To bash this, they stock entree to lawsuit information with these platforms. The contented is that not each vendors instrumentality cybersecurity seriously, and hackers are good alert of that. 

More and more, attackers are going aft these weaker links successful the integer proviso chain. These kinds of breaches often hap quietly, exposing ample amounts of lawsuit accusation without touching a company’s main systems. It’s becoming a superior interest for some businesses and their customers. 

One of the latest cases involves Hertz, the car rental giant, which precocious confirmed that lawsuit information was exposed due to the fact that of a cyberattack connected 1 of its bundle vendors.

Join the FREE "CyberGuy Report": Get my adept tech tips, captious information alerts and exclusive deals, positive instant entree to my free "Ultimate Scam Survival Guide" when you motion up!

Hertz rental location (Hertz)

What happened astatine Hertz?

Hertz, the planetary car rental institution that besides operates Dollar and Thrifty, has disclosed a information breach affecting thousands of its customers. The incidental stems from a cyberattack connected 1 of its third-party vendors, bundle supplier Cleo, betwixt October and December 2024. The breach did not compromise Hertz’s interior systems straight but progressive information that had been shared with the vendor arsenic portion of its operational workflow.

The compromised information varies by portion but includes delicate idiosyncratic accusation specified arsenic names, dates of birth, interaction details, driver’s licence numbers and, successful immoderate cases, Social Security numbers and different government-issued IDs. Certain fiscal information, including outgo paper details and workers’ compensation claims, was besides among the stolen records.

In the U.S., disclosures were filed with regulatory bodies successful California, Texas and Maine. Specifically, 3,457 individuals were affected successful Maine and 96,665 successful Texas. The full planetary impact, however, is believed to beryllium acold greater. Customers successful Australia, Canada, the EU, New Zealand and the U.K. were besides notified via breach notices connected Hertz’s determination websites.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The breach is believed to beryllium the enactment of the Clop ransomware gang, a well-known Russia-linked hacking group. Clop exploited a zero-day vulnerability successful Cleo’s endeavor record transportation software, exertion utilized by galore ample organizations to securely transmit delicate concern data. In 2024, the pack launched a mass-hacking run targeting Cleo users, yet stealing information from much than 60 companies, including Hertz.

Interestingly, portion Hertz was named connected Clop’s acheronian web leak tract successful 2024, the institution initially stated it had "no evidence" its systems oregon information had been compromised.

When contacted by CyberGuy, a Hertz spokesperson said, "At Hertz, we instrumentality the privateness and information of idiosyncratic accusation seriously. This vendor lawsuit involves Cleo, a record transportation level utilized by Hertz for constricted purposes. Importantly, to date, our forensic probe has recovered nary grounds that Hertz's ain web was affected by this event. However, among galore different companies affected by this event, we person confirmed that Hertz information was acquired by an unauthorized 3rd enactment that we recognize exploited zero-day vulnerabilities wrong Cleo's level successful October 2024 and December 2024."

Hertz rental location (Hertz)

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH

What does this mean for customers?

While Hertz’s interior systems were not breached, the vulnerability of idiosyncratic data, including driver’s licence numbers, interaction details and government-issued IDs, poses superior risks. Affected individuals whitethorn beryllium susceptible to individuality theft, fraudulent relationship openings and targeted phishing attempts. If Social Security numbers were involved, the imaginable for harm increases significantly. Anyone who rented from Hertz, Dollar oregon Thrifty betwixt October and December 2024 should beryllium connected precocious alert.

A hacker astatine work (Kurt "CyberGuy" Knutsson)

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

7 ways to support yourself aft the Hertz information breach

If you deliberation you were affected oregon conscionable privation to beryllium cautious, present are immoderate steps you tin instrumentality close present to enactment harmless from the Hertz information breach.

1. Watch retired for phishing scams and usage beardown antivirus software: With entree to your email, telephone fig oregon recognition documents, attackers tin trade convincing phishing emails pretending to beryllium from healthcare providers oregon banks. These emails mightiness see malicious links designed to instal malware oregon bargain login information. To support yourself, usage a beardown antivirus program. Get my picks of the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

2. Scrub your information from the net utilizing a idiosyncratic information removal service: The much exposed your idiosyncratic accusation is online, the easier it is for scammers to usage it against you. Following the Hertz breach, see removing your accusation from nationalist databases and people-search sites. Check retired my apical picks for information removal services here.

3. Safeguard against individuality theft and usage individuality theft protection: Hackers present person entree to high-value accusation from the Hertz breach, including Social Security numbers, driver's licence and slope information. This makes you a premier people for individuality theft. They tin besides assistance you successful freezing your slope and recognition paper accounts to forestall further unauthorized usage by criminals. Signing up for individuality theft extortion gives you 24/7 monitoring, alerts for antithetic enactment and enactment if your individuality is stolen. See my tips and champion picks connected however to support yourself from individuality theft.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they request other verification earlier issuing recognition successful your name. You tin petition fraud alerts done immoderate 1 of the 3 large recognition bureaus; they’ll notify the others. This adds different furniture of extortion without wholly freezing entree to credit. 

5. Monitor your recognition reports: Check your recognition reports regularly through AnnualCreditReport.com, wherever you tin entree escaped reports from each bureau erstwhile per twelvemonth oregon much often if you’re acrophobic astir fraud. Spotting unauthorized accounts aboriginal tin forestall larger fiscal damage.

6. Change passwords and usage a password manager: Update passwords connected immoderate accounts tied to compromised data. Use unsocial passwords that are hard to conjecture and fto a password manager bash the dense lifting by generating unafraid ones for you. Reused passwords are an casual people aft breaches. Consider password managers for convenience and security. Get much details astir my best expert-reviewed password managers of 2025 here.

7. Be wary of societal engineering attacks: Hackers whitethorn usage stolen details similar names oregon commencement dates from breaches successful telephone scams oregon fake lawsuit work calls designed to instrumentality you into revealing much delicate info. Never stock idiosyncratic details implicit unsolicited calls oregon emails. Social engineering attacks trust connected trust, and vigilance is key. 

HACKERS USING MALWARE TO STEAL DATA FROM USB FLASH DRIVES

Kurt’s cardinal takeaway

Cyber hazard doesn’t ever travel from a company’s ain network. It often originates successful unseen corners of the integer proviso chain. Even arsenic companies treble down connected interior cybersecurity, they indispensable beryllium arsenic rigorous successful however they vet and show third-party vendors. For consumers, it’s nary longer capable to spot the large marque connected the label. The information way is wider, the onslaught aboveground larger and the consequences acold much opaque. 

CLICK HERE TO GET THE FOX NEWS APP

If companies can’t support our data, should they beryllium allowed to cod truthful overmuch of it? Let america cognize by penning america at Cyberguy.com/Contact.

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to the most-asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy's exclusive coupons and deals
• Best gifts for Mom 2025

Copyright 2025 CyberGuy.com. All rights reserved.