U.S. rental car company Hertz Global Holdings said on Monday that some customer data may have been exposed following a cybersecurity incident involving one of its third-party vendors.
The breach, which occurred through Cleo Communicationsāa provider of file transfer servicesāstemmed from hackers exploiting zero-day vulnerabilities in the vendorās platform during October and December, Hertz said in a disclosure on its website.
See also: Hertz Reports $2.9 Billion Loss, Adjusts EV Strategy Amid Lower Demand
The compromised data could include customer contact details, credit card numbers, and driverās license information. A smaller subset of individuals may have had more sensitive data exposed, including Social Security or passport numbers, the company added.
āOur forensic investigation has found no evidence that Hertz’s own network was affected by this event,ā the company said in a statement to Reuters. It also noted that it is not aware of any cases where the exposed information has been misused for fraudulent purposes.
See also: Hertz Faces Challenges with EV Fleet Depreciation, Plans to Sell 30,000 EVs by End of 2024
The incident underscores the growing risk posed by third-party vendors in corporate cybersecurity, as attackers increasingly target external service providers as a pathway to sensitive information. Hertz did not specify how many customers were affected by the breach.