Hertz says customers' personal data and driver's licenses stolen in data breach
a year ago
- #ransomware
- #data-breach
- #cybersecurity
- Hertz notifies customers of a data breach involving personal information and driver’s licenses.
- The breach occurred due to a cyberattack on vendor Cleo between October and December 2024.
- Stolen data includes names, dates of birth, contact info, driver’s licenses, payment card details, and workers’ compensation claims.
- Some customers had Social Security numbers and government-issued IDs stolen.
- Affected regions include Australia, Canada, the EU, New Zealand, the UK, and parts of the U.S.
- At least 3,400 customers in Maine were impacted, but the total number is likely higher.
- Hertz denies millions were affected but does not provide exact figures.
- The breach was linked to Cleo, exploited by the Russia-linked Clop ransomware gang via a zero-day vulnerability.
- Clop claimed to have stolen data from nearly 60 companies using the Cleo exploit.
- Hertz initially denied impact but later confirmed data was stolen from Cleo’s platform.