Most companies use different vendors and use different vendors Part of their businesscustomer management, finance, salaries, social media, etc. To do this, we share access to customer data across these platforms. The problem is that not all vendors take cybersecurity seriously, and hackers know it well.
More and more, attackers are chasing these weak links in the digital supply chain. These types of violations often occur quietly, exposing large amounts of customer information without touching the company’s main systems. It is becoming a serious concern for both businesses and their customers.
One of the latest cases includes car rental giant Hertz. This recently confirmed that customer data was made public due to a cyberattack at one of the software vendors.
Join the free CyberGuy Report: Get instant access to me in addition to expert technical tips, important security alerts, exclusive deals free “The ultimate fraud survival guide” When you sign up!
Hertz rental location (Hertz)
What happened in Hertz?
It is also owned by Hertz, a global car rental company that operates dollars and rifs. Data breaches have been disclosed It impacts thousands of customers. The incident stems from a cyberattack from October to December 2024 by software provider Cleo, one of the third-party vendors. This violation did not directly compromise Hertz’s internal systems, but included data shared with the vendor as part of the operational workflow.
The data breached varies by region but includes sensitive personal information such as your name, date of birth, contact details, driver’s license number, and in some cases Social Security number, and other government-issued IDs. Certain financial information, including payment card details and workers’ compensation claims, was also one of the stolen records.
In the United States, disclosures have been submitted to regulatory agencies in California, Texas and Maine. Specifically, 3,457 people were affected in Maine and 96,665 people in Texas. However, the global total impact is considered to be much greater. Customers from Australia, Canada, the EU, New Zealand and the UK were also notified via violation notices regarding Hertz’s regional website.
What is Artificial Intelligence (AI)?
The violation is believed to be the job of the well-known Russian-related hacking group, Clop ransomware gang. CLOP exploited a zero-day vulnerability in Cleo’s enterprise file transfer software, a technology used by many large organizations to securely transmit sensitive business data. In 2024, the gang launched a mass hacking campaign targeting CLEO users, eventually stealing data from over 60 companies, including Hertz.
Interestingly, Hertz was named Clop’s Dark Web Leak site in 2024, but the company initially stated that its system or data had “no evidence” that compromised.
When contacted by Cyberguy, a spokesman for Hertz said, “At Hertz, we take the privacy and security of our personal information seriously. This vendor event involves Cleo, a file transfer platform that Hertz used for limited purposes. A fraudulent third party who understands that they exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”

Hertz rental location (Hertz)
200 million social media records have been leaked in major X data breaches
What does this mean for the customer?
Hertz’s internal systems are not breached, but exposure to personal data such as driver’s license number, contact details, and government-issued IDs poses serious risks. Influenced individuals may be vulnerable Personal information theftfraudulent account openings and targets Trying to phish. If Social Security numbers are involved, the chances of harm increase dramatically. Anyone who rents from Hertz, Dollar, or Thrifty from October to December 2024 should be on alert.

Hackers at work (Kurt “Cyberguy” Knutsson)
Malware reveals 3.9 billion passwords with huge cybersecurity threats
Seven Ways to Protect Yourself After a Hertz Data Breach
If you’re affected or just want to be careful, here are some steps you can take right now to keep you safe from HERTZ data breach.
1. Beware of phishing scams and use powerful antivirus software. By accessing an email, phone number, or ID, an attacker can create a confident phishing email pretending to be from a healthcare provider or bank. These emails may contain malicious links designed to steal malware and login information. To protect yourself, use a powerful anti-virus program. Get my picks for the best 2025 Antivirus Protection Winners for Windows, Mac, Android and iOS devices.
2. You use your personal data removal service to scrub your data from the Internet. The more personal information is exposed online, the easier it will be for a scammer to use it against you. Following a HERTZ violation, consider removing information from public databases and talent search sites. Check out our top picks for data deletion services.
3. Protect against identity theft and use identity theft protection. Hackers now have access to high value information from HERTZ violations, including Social Security Numbers, Driver’s Licenses and banking information. This makes it a major target for identity theft. They can also help freeze bank and credit card accounts to prevent further fraudulent use by criminals. Sign up for identity theft protection and get 24/7 surveillance, alerts for unusual activity, and support in case your identity is stolen. See my tips and best choices on how to protect yourself from identity theft.
Click here to get your Fox business on the go
4. Configuring fraud alerts: When you request a fraud alert, the creditor will notify you that additional verification is required before issuing a credit in your name. You can request fraud alerts through one of the three major credit agencies. They will notify others. This adds another layer of protection without completely freezing access to your credits.
5. Please monitor your credit report: Check your credit report regularly AnnualCredItReport.comIf you are worried about scams, you can access free reports from each station more than once a year frequently. Discovering unauthorized accounts early can prevent greater financial damage.
6. Change your password and use the password manager. Update the password for the account associated with the compromised data. Use unique, unique passwords that are difficult to guess, and let the password manager generate a secure password and run a heavy password. Reused passwords are simple targets after violations. Consider a password manager for convenience and security. Get my details Find the best expert reviewed password managers of 2025 here.
7. Beware of social engineering attacks: Hackers may use stolen details such as names and dates of birth from violations of telephone fraud, or use fake customer service calls designed to trick you into revealing more sensitive information. Please do not share your personal information via unsolicited phone or email. Social engineering attacks rely on trust, and vigilance is important.
Hackers steal data from USB flash drives using malware
Important points of cart
Cyber risk doesn’t always come from the company’s own network. It often comes from an invisible corner of the digital supply chain. Even if a company doubles its internal cybersecurity, the way it monitors and monitors third-party vendors must be equally strict. For consumers, trusting a big brand on a label is not enough. The data trail is wider, with a larger attack surface, and the results are much more opaque.
Click here to get the Fox News app
Should businesses be allowed to collect much of our data if they cannot protect our data? Write us and let us know cyberguy.com/contact.
For more information about my tech tips and security alerts, sign up for our free Cyberguy Report Newsletter cyberguy.com/newsletter.
Please ask Cart questions or tell us what stories you would like us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.