1. Forum
  2. Fidonet
  3. CONSPRCY

  • Hertz data breach sees cu

    From Mike Powell@1:2320/105 to All on Tue Apr 15 13:52:00 2025
    Potentially huge Hertz data breach sees customer personal info and driver licenses stolen

    Date:
    Tue, 15 Apr 2025 09:28:00 +0000

    Description:
    The number of affected Hertz customers is "not in the millions", the company says.

    FULL STORY

    Car rental giant Hertz has confirmed suffering cyberattack which saw it lose sensitive customer information.

    In a data breach notification letter published on its website, the company
    said that the incident involved Cleo Communications, a software company that provided file transfer services for Hertz for limited purposes.

    The report says an unidentified threat actor exploited a zero-day
    vulnerability in the Cleo platform to exfiltrate sensitive data in October
    and December 2024. The attack was spotted in mid-February 2025, prompting an investigation, with the analysis concluding some customer data was taken.

    We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may include the following: name, contact information, date of birth, credit card information, drivers license information and information related to workers compensation claims, the announcement reads.

    A very small number of individuals may have had their Social Security or
    other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.

    The exact number of affected individuals is not known at this time, with a company spokesperson saying it would be, inaccurate to say millions of customers are affected.

    The identity of the attackers, or the nature of the breach, is also unknown
    at this time. It most likely wasnt a ransomware attack, since it took the company months to realize it was hacked. That being said, this was most
    likely a simple data smash-and-grab.

    To mitigate the damages, Hertz is offering two years of identity monitoring
    and dark web monitoring services to potentially impacted individuals, through Kroll, at no cost.

    At press time, there was no evidence that the stolen data was misused in any way.

    Via TechCrunch

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/potentially-huge-hertz-data-breach-sees -customer-personal-info-and-driver-licenses-stolen

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)