The Hertz car rental giant has begun to alert its customers of data breach that included their personal information and driving licenses.
The rental company, which also owns the dollar and financial trademarks, said To notifications on his website That the violation is related to a cyberettack to one of its sellers from October 2024 and December 2024.
The stolen data varies with the area, but they largely include Hertz’s customer names, birth dates, contact details, driving licenses, payment card information and employee compensation claims. Hertz said a smaller number of customers had the social security numbers obtained in the breach, along with other government recognition numbers.
Hertz sites notifications revealed customer breach Australia; Canadathe European Union; New Zealandand United Kingdom.
Hertz also revealed the violation of many US states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected, but did not list the total number of affected people, who may be significantly higher.
Emily Spencer, a spokesman for Hertz, will not provide Techcrunch a certain number of people affected by the breach, but said it would be “inaccurate to say millions” of the affected customers.
The company attributed the breach to a supplier, Cleo software manufacturer, who was at the center of a mass -produced campaign by a productive gang of Ransomware associated with Russia.
Hertz is one of the dozens of companies that used CLEO software at the time of their data theft. The Clop Ransomware gang claimed last year that it took advantage of a zero day’s vulnerability to Cleo’s widely used files, which allow companies to share large sets of sensitive data online. In violation of these systems, hackers stole the data from Cleo’s corporate customers.
Shortly afterwards, the Ransomware Clop gang claimed on the Dark Web leak site that stole data from about 60 companies, taking advantage of the error in Cleo systems. In a later position, Clop claimed dozens of more supposed corporate victims.
The blackmail campaign became one of the most notable mass of 2024.
At that time, Hertz, who was named on the clop site, said he had no “evidence” that hertz or Hertz data were influenced.
On Monday, a Hertz spokesman told TechCrunch that he found no evidence that Hertz’s network was influenced by the breach, but confirmed that the HERTZ data “was obtained by an unauthorized third part that we understand the 20th of the 20th of the 20th of the 20th.
An executive Cleo did not respond to TechCrunch’s research on Monday.
