The car rental giant Hartz has begun notifying a data violation of its customers so that they include their personal information and driver’s license.
The rental company, which also owns the dollar and the threift brand, said On the notice of its website The breach that is related to one of its sellers from October 2024 to December 2024 is related to a cybertack of one of its sellers.
The stolen data varies according to the region but mainly includes the name of the Hartz customer, date of birth, contact information, driver’s license, payment card information and workers’ claims. Hartz said that a small number of customers violated their social security numbers, in addition to the number of other government-detected identifications.
Notifications on Hartz’s websites reveal to customers Australia, CanadaThe European Union, New ZealandThe UKThe
Hartz also expressed violations with several US states, including California and Maine. Hartz said that at least 5 customers were affected in Maine, but did not listen to the total number of the victim, which is likely to be significantly higher.
Hartz spokesperson Emily Spencer, do not supply TechCrunch with a certain number of people affected by violations but said that it would “be millions of millions” customer will suffer.
The company blamed the violation to a seller, Cleo software, which was at the center of a mass-hacking promotion by Russia-connected Ransomware gang last year.
Hartz is one of a dozen companies that used Cleo software during their data theft. Clop Ransomwear Gang claimed Clear’s widely used enterprise file transfer products last year, which has used zero-day weaknesses in transfer products, which companies allow large sets of sensitive data on the Internet. In violation of these systems, hackers steal data rims from Clear Corporate customers.
Only then does the Clop Ransomwear Gang have claimed on his web leakage site that it has stole about 60 company data by using the bug on their Cleo system. In the next post, Klopp demanded a few dozens of complaint corporate victims.
Data extortion operations have become one of the most notable mass hacks of 2024.
At that time, Hartz, named on the site of Klopp, said there was no evidence that hearts or hearts were affected.
On Monday, the Hartz spokesperson told TechCrunch that it was influenced by Hartz’s own network violation, but confirmed that Heartz Data was acquired by a unauthorized third party that we understood the vulnerable of the blank-day weakness in Clear’s platform 2024 and December 2024.
On Monday, a Cleo Executive did not respond to TechCrunch investigation.
