- Hertz says it was subject to a cyberattack between October and December 20204.
- Some drivers’ social security numbers were stolen, along with names and payment information.
- Hertz blames its vulnerability on software company Cleo, which supplies its file transfer system.
Hertz rents out its fleet of cars and vans millions of times over every year, resulting in it amassing sensitive data for huge numbers of customers in America and around the globe. Now, the rental company says some of that personal data was accessed in a cyberattack last fall.
var adpushup = window.adpushup = window.adpushup || {que:[]};
adpushup.que.push(function() {
if (adpushup.config.platform !== “DESKTOP”){
adpushup.triggerAd(“0f7e3106-c4d6-4db4-8135-c508879a76f8”);
} else {
adpushup.triggerAd(“82503191-e1d1-435a-874f-9c78a2a54a2f”);
}
});
In a notice on its website, Hertz claims hackers exploited zero-day vulnerabilities within software provided by US firm Cleo Communications. Cleo’s file transfer platform allows companies like Hertz to process large volumes of customer data, theoretically safely, but this February, Hertz discovered driver data had been stolen in October and December last year.
Related: Hertz Strikes Again, Apologizes For Late Return Error Then Sends $707 Debt To Collections
Hertz says name, contact information, date of birth, driver’s license information, and payment card information may have been stolen, but also admits some renters might have had their social security and Medicare or Medicaid IDs accessed, and even their passport data.
The rental giant hasn’t disclosed how many customers in total have had their information exposed in the attack, only telling TechCrunch that it would be “inaccurate to say millions.” But did admit that at least 3,400 in Maine were affected, plus more in other states, including California, TechCrunch reports.
And the fact that customer alert notices have been placed on various countries’ Hertz websites means the breach must not be restricted to the US, and includes customers in the UK, the European Union, Australia, Canada, and New Zealand.
Hertz says it has reported the event to law enforcement and is in the process of informing regulators, and while it isn’t aware of any customer info being misused, it has “secured the services of [cyberattack experts] Kroll to provide two years of identity monitoring services to potentially impacted individuals at no cost.”
This isn’t the first time Cleo’s file transfer technology has been at the center of a hacking story. Last year, Cleo systems used by dozens of different companies were attacked by a ransomware group with links to Russia.
var adpushup = window.adpushup = window.adpushup || {que:[]};
adpushup.que.push(function() {
if (adpushup.config.platform !== “DESKTOP”){
adpushup.triggerAd(“bb7964e9-07de-4b06-a83e-ead35079d53c”);
} else {
adpushup.triggerAd(“9b1169d9-7a89-4971-a77f-1397f7588751”);
}
});
var adpushup = window.adpushup = window.adpushup || {que:[]};
adpushup.que.push(function() {
if (adpushup.config.platform !== “DESKTOP”){
adpushup.triggerAd(“bb7964e9-07de-4b06-a83e-ead35079d53c”);
} else {
adpushup.triggerAd(“9b1169d9-7a89-4971-a77f-1397f7588751”);
}
});
#Hertz #Hackers #Stole #Customers #Personal #Data #License #Records
