Thousands of Hertz customers potentially had their data stolen after one of the company’s partners was exposed in a security breach.
Hertz believes an unauthorized third-party vendor acquired the data within Cleo’s file-transfer software in October 2024 and December 2024.
In a statement, the company told The Independent: “Our forensic investigation has found no evidence that Hertz’s own network was affected by this event.”
The data was impacted in February, the company said, explaining it immediately took action to determine the scope of the event and to identify individuals whose personal information may have been impacted.
The probe found personal information, including names, contact information, date of birth, credit card information, driver’s licenses and information regarding workers’ compensation claims may have been exposed.
Additionally, a “very small number” of people had their Social Security or other government numbers, Medicare or Medicaid ID or injury-related information tied to vehicle accident claims stolen.
Impacted customers will be notified. It’s not clear how many customers were affected, though The Hill reported a company spokesperson said: “It would be inaccurate to say millions of customers are affected.”
A notice filed in Maine stated 3,409 people in the state were impacted. Another in Texas declared 96,600 people were affected. Customers outside of the US in Australia, Canada, the European Union, New Zealand and the United Kingdom were also alerted.
Impacted individuals are being offered two years of identity monitoring or dark web monitoring services through Kroll, an identity services company. Customers are encouraged to “remain vigilant” and check bank statements and credit reports for discrepancies.
Law enforcement has been notified and told the company, “Cleo took steps to investigate the event and address the identified vulnerabilities.”
Cleo’s software was separately hacked by a ransomware group last year.
The Independent has contacted Cleo for comment.
