Hertz is alerting customers to a data breach involving drivers’ license num
bers and other personal information following a hack in its supply chain.
The car-rental company said in a posting on its website that it completed an
analysis of the incident on April 2 and determined the affected information may include names, credit-card da
ta, driver’s license information and details related to workers’ compensation
claims. The company confirmed in February that attackers obtained Hert
data during a security incident at a vendor, an enterprise software firm Cleo Communications US, according to the posting.
“Our forensic investigation has found no evidence that Hertz’s own network was affected by this event,” according to a state
ment provided by a company spokesperson on Monday. “However, among many
other companies affected by this event, we have confirmed that Hertz data
was acquired by an unauthorized third party that we understand exploited z
ero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
Hertz uses Cleo for limited purposes, the car-rental company said.
See more beautiful photo albums Here >>>
A ransomware group last year leveraged Cleo technology to target some of the company’s partners, according to the cy
bersecurity firm Huntress. Cleo in December released an update to address the software flaws.
A representative for Cleo didn’t immediately respond to a request for comment.
TechCrunch previously reported on the security incident.