{"id":162087,"date":"2025-04-14T18:01:59","date_gmt":"2025-04-14T18:01:59","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2025\/04\/14\/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach-techcrunch\/"},"modified":"2025-04-14T18:01:59","modified_gmt":"2025-04-14T18:01:59","slug":"hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach-techcrunch","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2025\/04\/14\/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach-techcrunch\/","title":{"rendered":"Hertz says customers&#8217; personal data and driver&#8217;s licenses stolen in data breach | TechCrunch"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver\u2019s licenses.<\/p>\n<p class=\"wp-block-paragraph\">The rental company, which also owns the Dollar and Thrifty brands, said <a href=\"https:\/\/www.hertz.com\/content\/dam\/hertz\/global\/resources\/Notice_of_Data_Incident-United_States.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">in notices on its website<\/a> that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. <\/p>\n<p class=\"wp-block-paragraph\">The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver\u2019s licenses, payment card information, and workers\u2019 compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.<\/p>\n<p class=\"wp-block-paragraph\">Notices on Hertz\u2019s websites disclosed the breach to customers in <a href=\"https:\/\/www.hertz.com\/content\/dam\/hertz\/global\/resources\/Notice_of_Data_Incident-AU.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Australia<\/a>, <a href=\"https:\/\/www.hertz.com\/content\/dam\/hertz\/global\/resources\/Notice_of_Data_Incident-CAN.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Canada<\/a>, the <a href=\"https:\/\/www.hertz.com\/content\/dam\/hertz\/global\/resources\/Notice_of_Data_Incident-EU.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">European Union<\/a>, <a href=\"https:\/\/www.hertz.com\/content\/dam\/hertz\/global\/resources\/Notice_of_Data_Incident-NZ.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">New Zealand<\/a>, the <a href=\"https:\/\/www.hertz.com\/content\/dam\/hertz\/global\/resources\/Notice_of_Data_Incident-UK.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">United Kingdom<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected, but did not list the total number of affected individuals, which is likely to be significantly higher.<\/p>\n<p class=\"wp-block-paragraph\">Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be \u201cinaccurate to say millions\u201d of customers are affected.<\/p>\n<p class=\"wp-block-paragraph\">The company attributed the breach to a vendor, Cleo Software, which last year was <a href=\"https:\/\/techcrunch.com\/2024\/12\/10\/hackers-are-exploiting-a-flaw-in-popular-file-transfer-tools-to-launch-mass-hacks-again\/\" target=\"_blank\" rel=\"noreferrer noopener\">at the center of a mass-hacking campaign<\/a> by a prolific Russia-linked ransomware gang.<\/p>\n<p class=\"wp-block-paragraph\">Hertz is one of dozens of companies that used Cleo Software at the time of their data thefts. The Clop ransomware gang claimed last year to have exploited a <a href=\"https:\/\/techcrunch.com\/2024\/12\/23\/techcrunch-reference-guide-to-security-terminology\/#zero-day\" target=\"_blank\" rel=\"noopener\">zero-day vulnerability<\/a> in Cleo\u2019s widely used enterprise file transfer products, which allow companies to share large sets of sensitive data over the internet. By breaching these systems, the hackers stole reams of data from Cleo\u2019s corporate customers.<\/p>\n<p class=\"wp-block-paragraph\">Soon after, the Clop ransomware gang claimed on its dark web leak site that it <a href=\"https:\/\/techcrunch.com\/2025\/01\/16\/clop-ransomware-gang-names-dozens-of-victims-hit-by-cleo-mass-hack-but-several-firms-dispute-breaches\/\" target=\"_blank\" rel=\"noopener\">stole data from close to 60 companies<\/a> by exploiting the bug in their Cleo systems. In a later post, Clop claimed dozens more alleged corporate victims.<\/p>\n<p class=\"wp-block-paragraph\">The data extortion campaign became one of <a href=\"https:\/\/techcrunch.com\/2024\/12\/10\/hackers-are-exploiting-a-flaw-in-popular-file-transfer-tools-to-launch-mass-hacks-again\/\" target=\"_blank\" rel=\"noreferrer noopener\">the most notable mass-hacks of 2024<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">At the time, Hertz, which was named on Clop\u2019s site, said it had \u201cno evidence\u201d that Hertz data or Hertz systems were affected.<\/p>\n<p class=\"wp-block-paragraph\">On Monday, Hertz\u2019s spokesperson told TechCrunch it found no evidence that Hertz\u2019s own network was affected by the breach, but confirmed that Hertz data \u201cwas acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo\u2019s platform in October 2024 and December 2024.\u201d<\/p>\n<p class=\"wp-block-paragraph\">A Cleo executive did not respond to TechCrunch\u2019s inquiry on Monday.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2025\/04\/14\/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver\u2019s licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":162088,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-162087","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/162087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=162087"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/162087\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/162088"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=162087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=162087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=162087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}