Hertz Australia confirms Australian customers impacted by global Hertz data breach

[SYD]

Another day, another data breach….driver’s licenses, payment card information, and passports…!

Exclusive: Hertz Australia confirms Australian customers impacted by global Hertz data breach

Hertz has begun notifying customers whose data – including driver’s licenses, payment card information, and passports – was compromised via a 2024 Cleo file-sharing vulnerability.

www.cyberdaily.au

Anyone been contacted?

 

[DC3]

Anyone been contacted?

Not that we know of. And no email for me.

 

[Ansett Nostalgic]

Any compensation forthcoming?

 

[SYD]

Nothing in the article.

It’s unclear if it was a direct breach of Hertz AU customers or AU clients travelling OS.

The breaches occurred in Oct and Dec 2024 (a few days after my last Hertz rental…albeit, that was in NZ). But they’ve only recently confirmed the extent of the data breach.

 

[DC3]

Nothing yet?

 

[markis10]

From the .com.au website:

Notice of Data Incident
The Hertz Corporation, on behalf of Hertz, Dollar and Thrifty brands (collectively, “Hertz,” “we,” or “us”), is providing notice of
an event involving Cleo Communications US, LLC (“Cleo”), a vendor of Hertz, that may have impacted the personal
information of certain individuals. This notice provides details about the event, measures we have taken in response, and
additional steps potentially impacted individuals can take to help protect their personal information, if they feel it is necessary
to do so.
Cleo is a vendor that provides a file transfer platform used by Hertz for limited purposes. On February 10, 2025, we confirmed
that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within
Cleo’s platform in October 2024 and December 2024. Hertz immediately began analyzing the data to determine the scope of
the event and to identify individuals whose personal information may have been impacted.
We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may
include the following regarding Australian individuals: name, contact information, date of birth, driver’s license information
and payment card information. A very small number of such individuals may have had their passport information impacted by
the event.
Hertz takes the privacy and security of personal information seriously. To that end, Hertz has confirmed that Cleo took steps to
investigate the event and address the identified vulnerabilities. Hertz also reported this event to law enforcement and is in the
process of reporting the event to relevant regulators. Further, out of an abundance of caution, Hertz has secured the services
of Kroll to provide two years of identity monitoring services to potentially impacted individuals at no cost.
While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we
encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by
reviewing account statements and monitoring credit reports for any unauthorized activity and reporting any such activity.
For More Information. We understand that there may be questions about this event that are not addressed in this notice. For
additional information, please call + +44 20 3807 8188 Monday through Friday, from 09:00 to 17:00 GMT