Hertz, the prominent car rental company, has alerted its customers about a significant data breach that exposed personal information, including driver’s licences. This incident stems from a cyberattack on one of Hertz’s vendors, Cleo, which occurred between October and December 2024. Hertz also operates the Dollar and Thrifty brands.
The breach has led to the compromise of varying customer data based on region, primarily impacting names, dates of birth, contact details, driver’s licence information, payment card details, and worker’s compensation claims. Notably, a smaller portion of affected customers had their Social Security numbers and other government-issued IDs exposed.
Hertz has issued notifications regarding this security incident across multiple countries, including Australia, Canada, the European Union, New Zealand, and the United Kingdom, via their official website. Additionally, they reported the breach to several U.S. states, specifically California, Maine, and Texas. So far, Hertz has confirmed that over 3,400 customers were impacted in Maine and around 96,665 in Texas, though the total number of individuals affected is expected to be much greater.
Emily Spencer, a Hertz spokesperson, declined to provide a precise figure on those impacted but indicated that the number does not reach millions. The breach has been attributed to vulnerabilities within Cleo’s software, which was previously targeted by the Clop ransomware gang, a group linked to Russia. This gang exploited a zero-day vulnerability in Cleo’s enterprise file transfer products, which are widely utilised by various corporations, enabling them to share sensitive data securely. The hackers have claimed to have breached nearly 60 companies through this method, making it one of the most significant data extortion campaigns of 2024.
At the time of the original attack, Hertz asserted that they did not believe their own systems were compromised. Nevertheless, on a recent occasion, Hertz confirmed that while their internal network remained secure, data related to Hertz customers was obtained by an unauthorised third party as a result of the Cleo breach. This revelation has raised concerns about the measures companies take to protect consumer data shared with third-party vendors.
As the situation develops, Hertz continues to investigate the full extent of the breach and its implications for customer data security. Regular updates regarding the incident, including any further findings or details, are anticipated.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
