Bear in mind when renting a automobile meant worrying about insurance coverage and gasoline costs? These have been less complicated instances. Now Hertz clients face a brand new concern because the rental large confirmed a big knowledge breach affecting its Hertz, Thrifty, and Greenback manufacturers.
The Safety Vulnerability Exploited
Between October and December 2024, cybercriminals exploited zero-day vulnerabilities in Cleo’s integration platform—a third-party vendor utilized by Hertz.
In line with Hertz’s knowledge breach notification, the compromised data varies by particular person however consists of names, contact data, beginning dates, and bank card particulars. Driver’s license data was additionally uncovered for a lot of relations. A smaller subset of consumers could have had extra delicate knowledge compromised, together with Social Safety numbers, passport particulars, and medical data associated to automobile accident claims.
Detection Timeline
Hertz found the unauthorized entry on February 10, 2025—roughly two to 4 months after the preliminary breach occurred, in accordance with the corporate’s statements. This timeline suggests attackers had prolonged entry to buyer knowledge earlier than detection.
In line with cybersecurity professionals, such delays between breach and discovery are regarding however not unusual. A 2024 IBM security report famous that the common time to determine a breach throughout industries is 197 days, highlighting the persistent problem of well timed detection.
Firm Response
In response to the breach, Hertz has applied enhanced safety measures and is providing affected clients two years of free identification monitoring providers. The corporate has additionally notified acceptable regulatory authorities and legislation enforcement.
A Hertz consultant said the corporate is taking steps to forestall comparable incidents sooner or later and is advising clients to stay vigilant towards potential fraud makes an attempt, although no misuse of non-public data has been detected to this point.
The Perpetrators: Clop Ransomware Group
Safety researchers have recognized the Clop ransomware group as accountable for the assault. Clop is a classy cybercriminal group recognized for focusing on corporations by zero-day vulnerabilities in file switch purposes.
In line with a number of cybersecurity corporations monitoring their actions, Clop has printed parts of Hertz’s knowledge on their extortion website in January 2025, a tactic they ceaselessly make use of to strain corporations into paying ransoms.
Clop has established a sample of extremely focused assaults reasonably than opportunistic breaches. The group rigorously selects vulnerabilities that may yield priceless knowledge and executes assaults with technical precision to maximise their probabilities of success whereas minimizing detection.
Defending Affected Prospects
For affected clients, safety specialists suggest taking extra steps past the free monitoring providers offered by Hertz. The Federal Trade Commission advises putting fraud alerts on credit score reviews, contemplating credit score freezes, and monitoring monetary accounts commonly for suspicious exercise.
The compromise of driver’s license data presents specific challenges. Not like bank cards, driver’s license numbers can’t be simply modified, creating an prolonged interval throughout which the data could possibly be misused for identification theft or fraud.
The Broader Safety Problem
This breach highlights an ongoing problem in knowledge safety: the necessity for strong safety not simply inside corporations themselves however throughout their third-party vendor ecosystem. In line with a 2024 Ponemon Institute research, 59% of organizations have skilled a data breach brought on by a 3rd social gathering or vendor.
For Hertz clients, this incident serves as one other reminder of the potential downstream penalties when private data is compromised—penalties that stretch far past the preliminary transaction of renting a automobile.
About The Author
