Automobile rental big Hertz is alerting clients that private data together with bank card particulars and Social Safety numbers might have been stolen in an information breach that impacted one of many agency’s distributors. In a notice posted to its website, Hertz says that firm knowledge “was acquired by an unauthorized third-party” throughout a cyberattack exploiting zero-day vulnerabilities throughout the Cleo Communications file switch platform between October 2024 and December 2024.
The info theft was confirmed by Hertz on February tenth, with additional evaluation on April 2nd concluding that clients’ names, contact data, dates of beginning, bank card data, driver’s license particulars, and data associated to staff’ compensation claims might have been uncovered by the breach. Hertz additionally says that “a really small variety of people” had their Social Safety numbers taken within the breach, together with passport numbers and different government-issued identification knowledge.
Hertz says that the incident is being reported to legislation enforcement and related regulators, and that Cleo has since addressed “the recognized vulnerabilities.”
The web site discover is viewable throughout a number of areas, together with the US, Canada, the European Union, the UK, and Australia. Hertz has not revealed what number of of its clients have been impacted by the breach however says it’s “not conscious of any misuse of private data for fraudulent functions in reference to the occasion.” We have now requested Hertz to make clear what number of clients are affected.
The group or particular person answerable for the cyberattack has not been recognized. Cleo, which is utilized by a variety of worldwide organizations, was notably focused by a mass-hacking campaign in October last year. The Russia-affiliated Clop ransomware gang later claimed duty for these assaults, leaking Cleo firm knowledge on its extortion web site and itemizing 59 organizations it claimed to have breached through vulnerabilities in Cleo’s platform.