this post was submitted on 15 Apr 2025
5 points (85.7% liked)

The Verge

104 readers
381 users here now

News community for TheVerge. Will be deleted or retired once the Verge officially supports ActivityPub in their site.

This is an automated RSS-Feed community. If you dislike RSS Feed communities consider blocking it, or the bot.

founded 1 month ago
MODERATORS
[email protected]
[email protected]
5
Hertz says hackers stole customer credit card and driver’s license data (www.theverge.com)
submitted 1 week ago by [email protected] to c/[email protected]
2 comments fedilink hide all child comments
 

SAN DIEGO, CALIFORNIA – FEBRUARY 28: A Hertz logo is displayed outside a rental shop on February 28, 2025 in San Diego, California. (Photo by Kevin Carter/Getty Images) Hertz says it’s “not aware of any misuse of personal information” stemming from the breach. | Image: Getty Images

Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm’s vendors. In a notice posted to its website, Hertz says that company data “was acquired by an unauthorized third-party” during a cyberattack exploiting zero-day vulnerabilities within the Cleo Communications file transfer platform between October 2024 and December 2024.

The data theft was confirmed by Hertz on February 10th, with further analysis on April 2nd concluding that customers’ names, contact information, dates of birth, credit card information, driver’s license details, and information related to workers’ compensation claims may have been exposed by the breach. Hertz also says that “a very small number of individuals” had their Social Security numbers taken in the breach, along with passport numbers and other government-issued identification data.

Hertz says that the incident is being reported to law enforcement and relevant regulators, and that Cleo has since addressed “the identified vulnerabilities.”

The website notice is viewable across multiple regions, including the US, Canada, the European Union, the United Kingdom, and Australia. Hertz has not revealed how many of its customers have been impacted by the breach but says it is “not aware of any misuse of personal information for fraudulent purposes in connection with the event.” We have asked Hertz to clarify how many customers are affected.

The group or individual responsible for the cyberattack has not been identified. Cleo, which is used by a wide range of global organizations, was notably targeted by a mass-hacking campaign in October last year. The Russia-affiliated Clop ransomware gang later claimed responsibility for those attacks, leaking Cleo company data on its extortion site and listing 59 organizations it claimed to have breached via vulnerabilities in Cleo’s platform.

From The Verge via this RSS feed

top 2 comments
sorted by: hot top controversial new old
[–] CobraChicken3000 4 points 1 week ago

Over and over again, these companies are demonstrating to us that they will not take care of your privacy, that they should not be entrusted with your private information, and that you are alone in trying to maintain your cyber security.

[–] [email protected] 1 points 1 week ago