
Hertz Discloses Data Breach Exposing Customers’ Personal Information, Driver’s Licenses

Hertz, the car rental giant that also owns the Dollar and Thrifty brands, has notified its customers of a data breach that exposed personal information and driver’s licenses.

TechCrunch reports that Hertz has disclosed a data breach caused by a cyberattack on one of its vendors, Cleo, between October and December 2024. The breach exposed various types of personal data belonging to Hertz customers in several regions, including the US, Australia, Canada, the EU, New Zealand and the UK.

The compromised information varies by region, but generally includes customer names, dates of birth, contact details, driver’s licenses, payment card information, and workers’ compensation claims. A small subset of customers also had Social Security numbers and other government-issued identification numbers stolen in the breach.

Hertz did not provide an exact number of individuals affected, but a company spokesperson said it was inaccurate to suggest that millions of customers were affected. However, disclosures made to several US states, such as California and Maine, show that the breach likely affected a significant number of people, with at least 3,400 customers affected in Maine alone.

The data breach traces back to Cleo, a software maker that fell victim to a mass-hacking campaign by the Russia-linked Clop ransomware gang in 2024. The compromise of Cleo's systems allowed attackers to steal huge amounts of data from Cleo’s corporate customers.

Hertz, along with dozens of other companies using Cleo’s software at the time, had its data stolen during the campaign. Initially, when the Clop ransomware gang named Hertz as one of its victims on its dark web leak site, the car rental company said there was no evidence that its data or systems were affected. However, Hertz has now confirmed that its data was in fact obtained by an unauthorized third party that exploited a zero-day vulnerability in Cleo’s platform.

The Clop ransomware gang's data extortion campaign became one of 2024’s most notable mass hacks, with nearly 60 companies claimed as victims in the early stages and dozens more in subsequent posts. The incident highlights the importance of third-party risk management and the potential for vulnerabilities in widely used software to be exploited by malicious actors.

Hertz emphasized that there is no evidence that its own network was affected by the breach, and that the compromised data was accessed through the exploitation of vulnerabilities in Cleo’s platform. The company is currently in the process of notifying affected customers and may have begun implementing measures to mitigate the impact of the breach and prevent future incidents.

Read more at TechCrunch here.

Lucas Nolan is a reporter for Breitbart News covering issues of freedom of speech and online censorship.
