TZUTC: -0500   
   MSGID: 1010.consprcy@1:2320/105 2c63e566   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Potentially huge Hertz data breach sees customer personal info and driver   
   licenses stolen   
      
   Date:   
   Tue, 15 Apr 2025 09:28:00 +0000   
      
   Description:   
   The number of affected Hertz customers is "not in the millions", the company   
   says.   
      
   FULL STORY   
      
   Car rental giant Hertz has confirmed suffering cyberattack which saw it lose   
   sensitive customer information.    
      
   In a data breach notification letter published on its website, the company   
   said that the incident involved Cleo Communications, a software company that   
   provided file transfer services for Hertz for limited purposes.    
      
   The report says an unidentified threat actor exploited a zero-day   
   vulnerability in the Cleo platform to exfiltrate sensitive data in October    
   and December 2024. The attack was spotted in mid-February 2025, prompting an   
   investigation, with the analysis concluding some customer data was taken.    
      
   We completed this data analysis on April 2, 2025, and concluded that the   
   personal information involved in this event may include the following: name,   
   contact information, date of birth, credit card information, drivers license   
   information and information related to workers compensation claims, the   
   announcement reads.    
      
   A very small number of individuals may have had their Social Security or    
   other government identification numbers, passport information, Medicare or   
   Medicaid ID (associated with workers compensation claims), or injury-related   
   information associated with vehicle accident claims impacted by the event.    
      
   The exact number of affected individuals is not known at this time, with a   
   company spokesperson saying it would be, inaccurate to say millions of   
   customers are affected.    
      
   The identity of the attackers, or the nature of the breach, is also unknown    
   at this time. It most likely wasnt a ransomware attack, since it took the   
   company months to realize it was hacked. That being said, this was most    
   likely a simple data smash-and-grab.    
      
   To mitigate the damages, Hertz is offering two years of identity monitoring   
   and dark web monitoring services to potentially impacted individuals, through   
   Kroll, at no cost.    
      
   At press time, there was no evidence that the stolen data was misused in any   
   way.    
      
    Via TechCrunch   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/potentially-huge-hertz-data-breach-sees   
   -customer-personal-info-and-driver-licenses-stolen   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426