Car rental large Hertz is alerting clients that non-public data together with bank card particulars and Social Security numbers might have been stolen in an information breach that impacted one of many agency’s distributors. In a discover posted to its web site, Hertz says that firm knowledge “was acquired by an unauthorized third-party” throughout a cyberattack exploiting zero-day vulnerabilities inside the Cleo Communications file switch platform between October 2024 and December 2024.
The knowledge theft was confirmed by Hertz on February tenth, with additional evaluation on April 2nd concluding that clients’ names, contact data, dates of start, bank card data, driver’s license particulars, and knowledge associated to employees’ compensation claims might have been uncovered by the breach. Hertz additionally says that “a really small variety of people” had their Social Security numbers taken within the breach, together with passport numbers and different government-issued identification knowledge.
Hertz says that the incident is being reported to regulation enforcement and related regulators, and that Cleo has since addressed “the recognized vulnerabilities.”
The web site discover is viewable throughout a number of areas, together with the US, Canada, the European Union, the United Kingdom, and Australia. Hertz has not revealed what number of of its clients have been impacted by the breach however says it’s “not conscious of any misuse of private data for fraudulent functions in reference to the occasion.” We have requested Hertz to make clear what number of clients are affected.
The group or particular person liable for the cyberattack has not been recognized. Cleo, which is utilized by a variety of worldwide organizations, was notably focused by a mass-hacking marketing campaign in October final yr. The Russia-affiliated Clop ransomware gang later claimed accountability for these assaults, leaking Cleo firm knowledge on its extortion web site and itemizing 59 organizations it claimed to have breached through vulnerabilities in Cleo’s platform.
