Automobile rental big Hertz is alerting prospects that private info together with bank card particulars and Social Safety numbers might have been stolen in a knowledge breach that impacted one of many agency’s distributors. In a notice posted to its website, Hertz says that firm information “was acquired by an unauthorized third-party” throughout a cyberattack exploiting zero-day vulnerabilities inside the Cleo Communications file switch platform between October 2024 and December 2024.
The information theft was confirmed by Hertz on February tenth, with additional evaluation on April 2nd concluding that prospects’ names, contact info, dates of beginning, bank card info, driver’s license particulars, and knowledge associated to employees’ compensation claims might have been uncovered by the breach. Hertz additionally says that “a really small variety of people” had their Social Safety numbers taken within the breach, together with passport numbers and different government-issued identification information.
Hertz says that the incident is being reported to legislation enforcement and related regulators, and that Cleo has since addressed “the recognized vulnerabilities.”
The web site discover is viewable throughout a number of areas, together with the US, Canada, the European Union, the UK, and Australia. Hertz has not revealed what number of of its prospects have been impacted by the breach however says it’s “not conscious of any misuse of non-public info for fraudulent functions in reference to the occasion.” We now have requested Hertz to make clear what number of prospects are affected.
The group or particular person liable for the cyberattack has not been recognized. Cleo, which is utilized by a variety of world organizations, was notably focused by a mass-hacking campaign in October last year. The Russia-affiliated Clop ransomware gang later claimed duty for these assaults, leaking Cleo firm information on its extortion web site and itemizing 59 organizations it claimed to have breached by way of vulnerabilities in Cleo’s platform.