Every so often, Central Computers — one of the last remaining dedicated Silicon Valley computer stores — lets subscribers know it’s managed to obtain a small shipment of AMD graphics cards. Today, it informed me that I could now purchase a $600 Radeon RX 9070 XT for $850 — a $250 markup.

It’s not alone. I just checked every major US retailer and street prices on eBay, and I regret to inform you: the great GPU shortage has returned. Many AMD cards are being marked up $100, $200, $250, even $280. The street price of an Nvidia RTX 5080 is now over $1,500, a full $500 higher than MSRP. And an RTX 5090, the most powerful consumer GPU? You can’t even get the $2,000 card for $3,000 today.

Here, I’ve built tables to show you:

You shouldn’t just blame tariffs for these price hikes. In early March, we found retailers were already scalping their supposedly entry-level MSRP models of the new AMD graphics cards. Nor is this likely to just be high demand, given how few cards are changing hands on eBay: only around 1,100 new Nvidia GPUs, and around 266 new AMD GPUs were listed there over the past 30 days.

Here’s a deeper dive on the “MSRP” models of the AMD cards, which were all originally listed at $549 or $599:

I’ve focused this table on Newegg and Micro Center since they carry more models than any other retailer, though I also spotted “MSRP” 9070 XT cards at $800 and $850 at Amazon today, and an $830 card at Best Buy. Otherwise, these are the new sticker prices, not necessarily attainable prices, as most were out of stock.

From December 2020 to July 2022, I periodically tracked the prices of game consoles and GPUs during the covid-19 pandemic, when they were incredibly expensive to obtain. At one point, some GPUs were worth triple their MSRP. I’d love to hear from Verge subscribers in particular: is this a valuable service we should continue in the tariff era? Or do you just want to know when it’s safe to enter the water again?

Most companies use different vendors to run different parts of their business, such as customer management, finances, payroll and social media. To do this, they share access to customer data with these platforms. The issue is that not all vendors take cybersecurity seriously, and hackers are well aware of that. 

More and more, attackers are going after these weaker links in the digital supply chain. These kinds of breaches often happen quietly, exposing large amounts of customer information without touching a company’s main systems. It’s becoming a serious concern for both businesses and their customers. 

One of the latest cases involves Hertz, the car rental giant, which recently confirmed that customer data was exposed because of a cyberattack on one of its software vendors.

Join the FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up!

What happened at Hertz?

Hertz, the global car rental company that also operates Dollar and Thrifty, has disclosed a data breach affecting thousands of its customers. The incident stems from a cyberattack on one of its third-party vendors, software provider Cleo, between October and December 2024. The breach did not compromise Hertz’s internal systems directly but involved data that had been shared with the vendor as part of its operational workflow.

The compromised data varies by region but includes sensitive personal information such as names, dates of birth, contact details, driver’s license numbers and, in some cases, Social Security numbers and other government-issued IDs. Certain financial information, including payment card details and workers’ compensation claims, was also among the stolen records.

In the U.S., disclosures were filed with regulatory bodies in California, Texas and Maine. Specifically, 3,457 individuals were affected in Maine and 96,665 in Texas. The total global impact, however, is believed to be far greater. Customers in Australia, Canada, the EU, New Zealand and the U.K. were also notified via breach notices on Hertz’s regional websites.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The breach is believed to be the work of the Clop ransomware gang, a well-known Russia-linked hacking group. Clop exploited a zero-day vulnerability in Cleo’s enterprise file transfer software, technology used by many large organizations to securely transmit sensitive business data. In 2024, the gang launched a mass-hacking campaign targeting Cleo users, ultimately stealing data from more than 60 companies, including Hertz.

Interestingly, while Hertz was named on Clop’s dark web leak site in 2024, the company initially stated it had “no evidence” its systems or data had been compromised.

When contacted by CyberGuy, a Hertz spokesperson said, “At Hertz, we take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz’s own network was affected by this event. However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”

Hertz rental location (Hertz)

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH

What does this mean for customers?

While Hertz’s internal systems were not breached, the exposure of personal data, including driver’s license numbers, contact details and government-issued IDs, poses serious risks. Affected individuals may be vulnerable to identity theft, fraudulent account openings and targeted phishing attempts. If Social Security numbers were involved, the potential for harm increases significantly. Anyone who rented from Hertz, Dollar or Thrifty between October and December 2024 should be on high alert.

A hacker at work (Kurt “CyberGuy” Knutsson)

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

7 ways to protect yourself after the Hertz data breach

If you think you were affected or just want to be cautious, here are some steps you can take right now to stay safe from the Hertz data breach.

1. Watch out for phishing scams and use strong antivirus software: With access to your email, phone number or identification documents, attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program. Get my picks of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the Hertz breach, consider removing your information from public databases and people-search sites. Check out my top picks for data removal services here.

3. Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the Hertz breach, including Social Security numbers, driver’s license and bank information. This makes you a prime target for identity theft. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. See my tips and best picks on how to protect yourself from identity theft.

4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they’ll notify the others. This adds another layer of protection without completely freezing access to credit. 

5. Monitor your credit reports: Check your credit reports regularly through AnnualCreditReport.com, where you can access free reports from each bureau once per year or more frequently if you’re concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.

6. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security. Get more details about my best expert-reviewed password managers of 2025 here.

7. Be wary of social engineering attacks: Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key. 

HACKERS USING MALWARE TO STEAL DATA FROM USB FLASH DRIVES

Kurt’s key takeaway

Cyber risk doesn’t always come from a company’s own network. It often originates in unseen corners of the digital supply chain. Even as companies double down on internal cybersecurity, they must be equally rigorous in how they vet and monitor third-party vendors. For consumers, it’s no longer enough to trust the big brand on the label. The data trail is wider, the attack surface larger and the consequences far more opaque. 

If companies can’t protect our data, should they be allowed to collect so much of it? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

For sale: one browser, very popular. As the remedies phase of the Google Search trial heats up, two things have become very clear. The US government would really like to force Google to sell Chrome, and there are a lot of companies interested in buying it. What do you really get when you buy the world’s most popular browser, though? And what would it really cost?

On this episode of The Vergecast, Nilay, David, and The Verge’s Jake Kastrenakes try and find the right buyer for Chrome. But before that, we have some news to get to. News including that we won the Webby Award for Best Technology Podcast! Thanks again to everyone who voted for us — we were up against some excellent competition, and we’re thrilled you picked us. We also have some Party Speaker Capitalism Updates, some thoughts and stories about trying to buy a Switch 2, and a lot of confusing new information about tariffs. I mean, it’s one gadget, Michael. What could it cost, ten dollars?

After that, we head into the courtroom, where both Google and Meta are fighting for their antitrust lives. We talk about what the trial means for AI companies and search competitors alike, and why there aren’t as many realistic Chrome buyers as you might think. There might only be one that makes sense. (One we fail to even consider: Yahoo, which said it was interested just after we finished recording.) We also discuss Instagram co-founder Kevin Systrom’s scorching testimony in the Meta trial, and why it might be damaging to Meta’s case.

If you want to know more about everything we discuss in this episode, here are some links to get you started, first in gadget and tariff news:

And in the lightning round: