Most companies use different vendors to run differently Parts of their businessSuch as customer management, finance, payroll and social media. To do this, they share access to customer data with these platforms. The issue is that not all vendors take cyber security seriously, and hackers are well aware of it.
More and more, the attackers are going after these weak links in the digital supply chain. These types of violations are often quietly quietly, with a large amount of customer information without touching the company’s main system. It is becoming a serious concern for both businesses and their customers.
One of the latest cases included Hz, car rental veterans, who recently confirmed that customer data was exposed to a cyber attack on one of their software vendors.
Join the free “cyberguy report”, Get my expert tech tips, critical security alert and exclusive deal, plus instant access Free “Last scam survival guide “ When you sign up!
Hzar rent location (Hz)
What happened in Hz?
Hzrtz, global car rental company which also operates dollars and frugal A data violation revealed To impress thousands of your customers. The incident stems from cyber attack on one of its third-party vendors, software provider Cleo between October and December 2024. Breach did not directly compromise with Hz’s internal systems, but it included data that was shared with the seller as part of his operating workflow.
The compromise vary by the data sector, but it includes sensitive personal information such as names, date of birth, contact details, driver’s license number and, in some cases, social security numbers and IDs issued by other government. Some financial information, including payment card details and compensation claims of workers, was also one of the stolen records.
In the US, revelations were filed with regulatory bodies in California, Texas and Main. In particular, 3,457 persons were affected in the main and 96,665 in Texas. The total global impact is believed to be far more. Customers in Australia, Canada, European Union, New Zealand and UK were also informed through violation notice on Hz’s regional websites.
What is Artificial Intelligence (AI)?
The Breach is believed to have a work of a clop ransomware gang, a famous Russian-Linked Hacking Group. Clop exploited a zero-day vulnerability in Cleo’s enterprise file transfer software, technology used to securely transmit commercial data sensitive by many large organizations. In 2024, the gang launched a mass-hooking campaign targeting Cleo users, eventually stolen data from more than 60 companies including Hz.
Interestingly, while Hz was designated on the dark web leak site of the clop in 2024, the company initially stated that there was “no evidence” from its system or data.
When contacted Cybergui, a spokesperson of Hz said, “In the hertz, we take seriously the privacy and safety of personal information. This seller involved in the phenomenon, includes Cleo, a file transfer platform that was used for limited objectives by the hertz. Importantly, we have not found any evidence from our forensic investigation, we affect this event which we have influenced this event. In 2024, exploit zero-day weaknesses within the platform of Cleo. “
Hzar rent location (Hz)
200 million social media records leaked in major X data breech
What does this mean for customers?
While the internal systems of Hz were not violated, the risk of personal data, including the driver’s license number, contact details and IDs issued by the government, pose serious risks. Can be unsafe for the affected person Identification of theftFraud account opening and targeted Fishing effortIf social security numbers were included, the possibility of loss increases significantly. Between October and December 2024, anyone who hired from Hz, Dollar or Fruitful should be on high alert.
A hacker at work (Kurt “Cybergui” Notson)
Malware exposes 3.9 billion passwords in huge cyber security threat
7 ways to protect yourself after Hz data breech
If you feel that you were impressed or just want to be vigilant, there are some steps that you can take now to stay safe from Hz data breech.
1. Watch out for the fishing scam and use strong antivirus software: With access to your email, phone number or identity documents, attackers can assure the fishing email pretending to be from healthcare providers or banks. These emails may include malicious links designed to steal malware or login information. To protect yourself, use a strong antivirus program. Get my pics of best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices,
2. Scrub your data from the Internet using personal data removal service: The more exposed your personal information, the easier it is that it is easy for scammers to use against you. After Hz Breech, consider removing your information from public database and people’s search sites. See my top pics for data removal services here,
3. Use safety and identity theft security against identity theft: Hackers now have access to high-value information from Hz Breech, including social security numbers, driver’s license and bank information. This makes you a major goal for theft of identity. They can also help you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Sign up for identity theft protects you 24/7 monitoring, alert for unusual activity and supports if your identity is stolen. See my tips and see the best pics to protect yourself from identity theft,
Get Fox Business when you click here
4. Set fraud alert: The request of fraud alert is informed the creditors that they require additional verification before issuing credit in your name. You can request fraud alert through one of the three major credit bureau; They will inform others. It adds another layer of protection without completely cold until the credit.
5. Monitor your credit report: Check your credit report regularly Anfelcreditreport.comWhere you can use a free report once or more often from each bureau if you are concerned about fraud. Quickly spotting unauthorized accounts can cause major financial damage.
6. Change passwords and use password manager: Update passwords on any account related to the data made. Use unique passwords that are difficult to guess and allow a password manager to generate heavy people by generating safe people. Re -used password is an easy goal after violations. Consider password managers for convenience and safety. Find out more about me 2025 Best Expert-Recipe Password Managers,
7. Beware of social engineering attacks: Hackers can use stolen details such as violations in the phone scam or the dates of birth in fake customer service calls can be designed to disclose more sensitive information. Never share personal details on unwanted calls or emails. Social engineering attacks rely on confidence, and vigilance is important.
Hackers using malware to steal data from USB flash drive
Kurt’s key to Techway
Cyber โโrisk does not always come from a company’s own network. It is often produced in unseen corners of the digital supply chain. Even when companies double on internal cyber security, they should be equally rigid in how they monitors third party vendors. For consumers, it is not enough to rely on the big brand on the label. The data trail is widespread, the surface of the attack is large and the result is far more opaque.
Click here to get Fox News app
If companies cannot protect our data, should they be allowed to collect so much of it? Write us and tell us Cyberguy.com/Contact.
For my tech tips and security alert, subscribe to my free cybergui report newsletter Cyberguy.com/newsletter.
Ask Kurt a question or tell us which stories you want to cover us.
Follow Kurt on your social channels:
Answers to the most asked cyber questions:
New from Kurt:
Copyright 2025 cyberguy.com. All rights reserved.
