Car rental giant Hertz has begun notifying its customers of data breaches, including its personal information and driver’s license.
The rental company also owns a brand of dollar and frugality, he said In notifications on their website The violation is related to a cyber attack by a vendor between October 2024 and December 2024.
The stolen data varies by region, but largely includes Hertz customer name, date of birth, contact information, driver’s license, payment card information and worker compensation claims. Hertz said a handful of customers’ social security numbers and other government-issued identification numbers.
Notifications on Hertz’s website reveal violations to customers Australia,,,,, Canadathis European Union,,,,, New Zealandthis U.K..
Hertz also revealed violations in several U.S. dollars, including California and Maine. Hertz said at least 3,400 customers in Maine were affected, but the total number of affected people was not listed, which could increase significantly.
Hertz spokesman Emily Spencer will not provide TechCrunch for specific numbers affected by the breach, but said “inaccurately millions of customers” are affected.
The company attributed the violation to supplier Cleo software, last year it was At the center of mass campaign By prolific Russia and ransomware gangs.
Hertz is one of dozens of companies that use CLEO software when it comes to data theft. Clop ransomware gang claimed last year Zero-day vulnerability Among the enterprise file transfer products widely used by CLEO, this product allows companies to share large amounts of sensitive data over the Internet. By violating these systems, hackers stole data from Cleo’s enterprise customers.
Soon after, the Clop ransomware gang claimed on its dark net leaked website Stealed data from nearly 60 companies By exploiting errors in its CLEO system. In a later article, Klopp claimed dozens of alleged company victims.
Data ransomware activities become The most famous crowd in 2024.
At the time, Hertz, named on Clop’s website, said it had no “no evidence” that Hertz data or Hertz system was affected.
A Hertz spokesman told TechCrunch on Monday that there was no evidence that Hertz’s own network was affected by the breach, but confirmed that Hertz’s data “was acquired by an unauthorized third party, and we understand that we understand the exploitation of zero-day vulnerabilities within the Cleo platform in October 2024 and December 2024 and 2024.”
CLEO executives did not respond to TechCrunch’s investigation on Monday.
