Automotive rental big Hertz is alerting clients that private data together with bank card particulars and Social Safety numbers might have been stolen in an information breach that impacted one of many agency’s distributors. In a discover posted to its web site, Hertz says that firm knowledge “was acquired by an unauthorized third-party” throughout a cyberattack exploiting zero-day vulnerabilities throughout the Cleo Communications file switch platform between October 2024 and December 2024.
The info theft was confirmed by Hertz on February tenth, with additional evaluation on April 2nd concluding that clients’ names, contact data, dates of beginning, bank card data, driver’s license particulars, and data associated to employees’ compensation claims might have been uncovered by the breach. Hertz additionally says that “a really small variety of people” had their Social Safety numbers taken within the breach, together with passport numbers and different government-issued identification knowledge.
Hertz says that the incident is being reported to regulation enforcement and related regulators, and that Cleo has since addressed “the recognized vulnerabilities.”
The web site discover is viewable throughout a number of areas, together with the US, Canada, the European Union, the UK, and Australia. Hertz has not revealed what number of of its clients have been impacted by the breach however says it’s “not conscious of any misuse of non-public data for fraudulent functions in reference to the occasion.” We now have requested Hertz to make clear what number of clients are affected.
The group or particular person accountable for the cyberattack has not been recognized. Cleo, which is utilized by a variety of worldwide organizations, was notably focused by a mass-hacking marketing campaign in October final yr. The Russia-affiliated Clop ransomware gang later claimed accountability for these assaults, leaking Cleo firm knowledge on its extortion web site and itemizing 59 organizations it claimed to have breached through vulnerabilities in Cleo’s platform.