Topics
belated
AI
Amazon
Image Credits:Joe Raedle/Getty Images / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Joe Raedle/Getty Images / Getty Images
Cloud Computing
DoC
Crypto
endeavor
EVs
Fintech
fund raise
Gadgets
back
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
concealment
Robotics
protection
societal
place
startup
TikTok
fare
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
television
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Car rental giant Hertz has begun notifying its client of a data breach that admit their personal information and driver ’s license .
The rental company , which also possess the Dollar and Thrifty brands , saidin notices on its websitethat the breach have-to doe with to a cyberattack on one of its vendor between October 2024 and December 2024 .
The slip datum varies by region , but largely let in Hertz client names , date of giving birth , contact entropy , driver ’s licenses , payment scorecard information , and workers ’ compensation claims . Hertz said a smaller numeral of customers had their Social Security numbers drive in the breach , along with other administration - bring out identification number .
Notices on Hertz ’s web site disclosed the breach to client inAustralia , Canada , theEuropean Union , New Zealand , and theUnited Kingdom .
Hertz also disclosed the rift with several U.S. country , include California , Maine , and Texas . Hertz said at least 3,400 customers in Maine were dissemble , and some 96,665 customers in Texas , but neither listed the full number of affected individual , which is likely to be significantly higher .
Emily Spencer , a representative for Hertz , would not provide TechCrunch with a specific number of person affected by the break but said it would be “ inaccurate to say billion ” of customer are affected .
The company attributed the breach to a marketer , software maker Cleo , which last year wasat the kernel of a mass - hacking campaignby a prolific Russia - linked ransomware gang .
Hertz is one of lashings of companies that used Cleo ’s software program at the time of their data thieving . The Clop ransomware crew claimed last year to have exploit azero - day vulnerabilityin Cleo ’s wide used enterprise file conveyance products , which reserve companies to portion out large sets of tender data over the cyberspace . By offend these systems , the hack steal reams of data from Cleo ’s corporal customers .
Soon after , the Clop ransomware gang claimed on its dark World Wide Web escape website that itstole data from close to 60 companiesby exploiting the hemipteran in their Cleo system . In a later post , Clop claimed dozens more alleged collective victims .
The data extortion movement became one ofthe most noted mass - hack of 2024 .
At the time , Hertz , which was bring up on Clop ’s site , said it had “ no evidence ” that Hertz datum or Hertz system were affected .
On Monday , Hertz ’s spokesperson told TechCrunch it found no evidence that Hertz ’s own internet was involve by the breach , but confirm that Hertz data “ was learn by an unauthorized third party that we realize exploited zero - day vulnerability within Cleo ’s platform in October 2024 and December 2024 . ”
A Cleo executive did not respond to TechCrunch ’s question on Monday .
Updated April 15 with a unexampled breach filing in Texas .
