Hertz Data Breach: Personal Data and Driver's Licenses Compromised – What You Need to Know

Hertz Data Breach: Personal Data and Driver’s Licenses Compromised – What You Need to Know

Hertz, a leading car rental company, has recently informed its customers about a significant data breach that has compromised personal information, including driver’s licenses. This cyber incident raises serious concerns for customers worldwide, highlighting the importance of data security in the rental industry.

Details of the Data Breach

The data breach at Hertz resulted from a cyberattack on one of its vendors, Cleo Software, between October 2024 and December 2024. The affected customers include those from various regions, such as:

  • Australia
  • Canada
  • European Union
  • New Zealand
  • United Kingdom

In addition, Hertz has notified several U.S. states, including California and Maine, about the breach. Reports indicate that at least 3,400 customers in Maine were affected, but the total number of impacted individuals is likely much higher.

Types of Affected Information

The stolen data varies by region and primarily includes:

  • Customer names
  • Dates of birth
  • Contact information
  • Driver’s licenses
  • Payment card details
  • Workers’ compensation claims
  • Social Security numbers (for a smaller number of customers)
  • Other government-issued identification numbers

Emily Spencer, a spokesperson for Hertz, emphasized that while the breach is serious, it would be “inaccurate to say millions” of customers are affected. However, specific numbers have not been disclosed.

Background on Cleo Software and the Cyberattack

The breach is linked to Cleo Software, which faced a mass-hacking campaign last year orchestrated by a notorious Russia-linked ransomware group, the Clop gang. This group claimed to have exploited vulnerabilities in Cleo’s enterprise file transfer products, which are used by numerous companies, including Hertz, to share sensitive information securely over the internet.

READ ALSO  HPE Alerts Data Breach Victims Following Russian Government Cyberattack

Following the attack, Clop claimed to have stolen data from nearly 60 companies by exploiting these vulnerabilities. This incident has been characterized as one of the most significant mass-hacks of 2024.

Company Response

Initially, Hertz stated it had “no evidence” that its systems were compromised. However, they have since confirmed that customer data was accessed by an unauthorized third party, who exploited vulnerabilities in Cleo’s platform. As of now, a representative from Cleo has not responded to inquiries regarding the breach.

For more information on data security and how to protect your personal information, consider visiting FTC’s guide on securing personal data.

Stay updated on further developments regarding this breach and other important news in the rental industry by visiting our news section.

Similar Posts

Ekuinas Boosts Malaysia's Cybersecurity Resilience with Strategic Investment in Bluesify

Ekuinas Boosts Malaysia’s Cybersecurity Resilience with Strategic Investment in Bluesify

Bysupport

Ekuiti Nasional Berhad (Ekuinas) has invested in Bluesify Solutions, a leading Malaysian Managed Security Service Provider, to bolster the country’s cybersecurity amid increasing digital threats. Founded in 2012, Bluesify offers a range of services, including 24/7 managed cyber detection and response, threat intelligence, and incident response for various sectors like finance, energy, and healthcare. Ekuinas CEO highlighted the urgent need for this investment to strengthen Malaysia’s cybersecurity landscape and expand Bluesify’s capabilities. The company aims to grow regionally, capitalizing on the Southeast Asian cybersecurity market, expected to reach US$7.1 billion by 2029, while delivering advanced AI-driven solutions.

NTT Com: Major Data Breach Exposes Information of Nearly 18,000 Organizations

NTT Com: Major Data Breach Exposes Information of Nearly 18,000 Organizations

Bysupport

NTT Communications confirmed a significant data breach affecting nearly 18,000 corporate customers, as hackers accessed an internal system managing service orders. Discovered on February 5, the breach compromised customer names, contract numbers, phone numbers, email addresses, physical addresses, and service usage details. Although immediate actions were taken to secure the system, a second compromised device was found on February 15. The identity of the hackers remains unknown, with no major group claiming responsibility. This incident highlights the increasing risks telecom companies face from cybercriminals, emphasizing the potential for identity theft and financial fraud.

UN Security Council Meeting Sparks Urgent Call for Global Spyware Regulations by Governments

UN Security Council Meeting Sparks Urgent Call for Global Spyware Regulations by Governments

Bysupport

The recent UN Security Council meeting marked a historic discussion on commercial spyware, addressing its implications for international peace and security. Convened by the U.S. and supported by 15 countries, the meeting highlighted the urgent need for regulatory measures, with Poland and Greece proposing local legislative actions. However, Russia and China dismissed the concerns, with Russia accusing the U.S. of promoting global surveillance. Experts warned that the rise of spyware threatens human rights, with Europe identified as a hub for abuses. The U.S. has taken actions against spyware companies, including sanctions and travel bans, under the Biden administration.

Eclypsium Secures $45M to Strengthen Supply Chain Security Against Growing Cyber Threats

Eclypsium Secures $45M to Strengthen Supply Chain Security Against Growing Cyber Threats

Bysupport

Eclypsium, a leader in infrastructure supply chain security, has raised $45 million in an oversubscribed Series C funding round, bringing its total equity funding to $85 million. The round attracted new investors including Qualcomm Ventures and Pavilion Capital, alongside returning investors like Andreessen Horowitz. The funding will enhance security for generative AI hardware, smart devices, and expand operations in North America and APAC. Eclypsium aims to bolster its supply chain research lab for security assurance services. CEO Yuriy Bulygin emphasized the need to protect infrastructure from nation-state threats, reinforcing their commitment to cybersecurity leadership.

Fortinet Firewall Vulnerability: Hackers Targeting Company Networks in New Exploit

Fortinet Firewall Vulnerability: Hackers Targeting Company Networks in New Exploit

Bysupport

Security researchers have identified a critical vulnerability, CVE-2024-55591, in Fortinet’s firewalls, specifically FortiGate devices, which is actively being exploited by hackers. Fortinet confirmed the issue, which has been under attack since December, with a significant rise in exploitation attempts, particularly on devices with exposed management interfaces. Cybersecurity firm Arctic Wolf noted a coordinated effort to exploit numerous devices quickly, potentially linked to ransomware operators. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urges Fortinet customers to promptly update their devices, review security protocols, and monitor for suspicious activities to mitigate risks.

Genea Confirms Data Breach: Australian IVF Leader Targeted in Cyberattack

Genea Confirms Data Breach: Australian IVF Leader Targeted in Cyberattack

Bysupport

Genea IVF, a major Australian fertility treatment provider, has reported a significant cybersecurity incident affecting patient services and potentially compromising sensitive information. Following inquiries from ABC, Genea engaged crisis management firm Porter Novelli and confirmed they are urgently investigating the breach. The company has experienced disruptions, including outages in phone lines and the temporary shutdown of the MyGenea app. While Genea has not disclosed what specific data was accessed, they collect sensitive health information. They assure patients that they are committed to transparency and will inform affected individuals if any personal information is compromised.

Leave a Reply

Your email address will not be published. Required fields are marked *