The recent data breach at Hertz, a prominent car rental company, has exposed over 60,000 insurance claim reports. This incident has sparked concerns about the company’s data security practices and has left customers questioning the safety of their personal information.
The discovery of the breach came to light when a customer received an unexpected email from Hertz regarding a rental record for a vehicle that was damaged. The email, which appeared legitimate with the correct domain and professional formatting, contained a suspicious link leading to an unfamiliar site called htzra.com, later identified as a phishing site. Further investigation revealed that the site was collecting sensitive information through a form disguised as an accident report submission.
The vulnerability exploited in this data exposure was a classic access control flaw, an Insecure Direct Object Reference (IDOR). Because the application never checked that the requester owned the record identified in the URL, unauthorized users could access other customers’ accident reports simply by altering the URL. The exposed reports contained personal information such as names, addresses, phone numbers, and ages of the affected individuals, with only a small percentage including more detailed information.
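To make the flaw concrete, the following is an added example (not code from the article or from Hertz's systems) modelling an accident-report lookup: the vulnerable version trusts the id from the URL, the hardened version enforces ownership, and a small log check flags sessions that walk through many report ids. Record ids, usernames and log lines are constructed for illustration.

```python
# Added example, not code from the article or from Hertz: a toy model of the
# accident-report lookup described above, the IDOR flaw beside an
# ownership-checked version, plus a log check for id walking. All constructed.
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Report:
    report_id: int
    owner: str  # customer account that filed the report
    summary: str

# Constructed sample store standing in for a database table.
REPORTS = {
    1001: Report(1001, "alice", "rear bumper damage"),
    1002: Report(1002, "bob", "windshield crack"),
}

class Forbidden(Exception):
    """Raised when the caller may not read the requested report."""

def get_report_vulnerable(session_user: str, report_id: int) -> Report:
    """IDOR: trusts the id from the URL and never checks ownership, so any
    logged-in user reads any report just by changing the number."""
    return REPORTS[report_id]

def get_report_checked(session_user: str, report_id: int) -> Report:
    """Hardened lookup: the record must belong to the session's user. Missing
    and foreign ids raise the same error so they cannot be told apart."""
    report = REPORTS.get(report_id)
    if report is None or report.owner != session_user:
        raise Forbidden(f"report {report_id} not accessible")
    return report

# Constructed access-log lines: "user method path status".
LOG_LINES = [
    "alice GET /claims/report/1001 200",
    "bob GET /claims/report/1001 200",
    "bob GET /claims/report/1002 200",
    "bob GET /claims/report/1003 200",
]

def flag_enumeration(lines, threshold: int = 3) -> list[str]:
    """Users who successfully fetched at least `threshold` distinct report
    ids: a cheap detection signal that ids are being walked, not viewed."""
    seen = defaultdict(set)
    for line in lines:
        m = re.match(r"^(\S+) GET /claims/report/(\d+) 200$", line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    return sorted(u for u, ids in seen.items() if len(ids) >= threshold)
```

In a real deployment the ownership check belongs in the data-access layer (or a row-level policy), not only in the handler, so every route that reads reports inherits it.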
Upon discovering the breach, cybersecurity firm Adversis reported the issue to Hertz. The company promptly shut down the compromised domain and restricted access to the leaked information. By September 13, 2024, CERT confirmed that the domain was no longer accessible. Hertz has issued a statement acknowledging the breach and assured customers that it is enhancing its security measures. It has also contacted affected customers to provide guidance on protecting their personal information.
This incident has revealed significant vulnerabilities in Hertz’s data handling practices and emphasizes the importance of robust cybersecurity measures in safeguarding customer information. Customers are advised to remain vigilant for suspicious communications and monitor their accounts for unusual activity. Some customers may opt for companies with established bug bounty programs or stronger security protocols for future rentals.
The breach serves as a reminder of the risks associated with sharing personal information online and highlights the necessity for companies to prioritize data protection. It underscores the need for continuous improvement in cybersecurity practices to prevent such incidents in the future.