FWC says 3 bears sent for testing after deadly attack in Collier County
FWC said three bears have been sent to Gainesville to see if they were involved in the deadly attack that left a man and dog dead in Collier County.
- Hertz faces multiple class-action lawsuits after a data breach exposed customer data, including social security and credit card numbers.
- The breach, attributed to a vulnerability in software from vendor Cleo, impacted thousands of Hertz customers across multiple states and countries.
- Plaintiffs allege Hertz failed to adequately protect customer data and concealed the breach, leading to increased risk of identity theft and other damages.
- Hertz maintains it took time to notify customers to determine the scope of the breach and identify affected individuals, offering two years of identity monitoring services.
- The notorious Clop ransomware group claimed responsibility for the attack.
Hertz has been hit with class-action lawsuits over a data breach that exposed its customers’ personal information to cybercriminals.
Federal suits have been filed in multiple states, including Florida and Illinois.
The cases would have to be qualified and certified as class actions to proceed that way. Often, such cases get combined.
Mark Camplese, a resident of New Castle, Pennsylvania, is one of at least two plaintiffs filing suits in the Middle District of Florida’s Fort Myers division, closest to Hertz’s headquarters.
Failing to ‘take precautions,’ suit alleges
The rental car giant has its global headquarters in Estero.
In his suit, Camplese seeks millions in damages for the class, made up of thousands of customers.
He accuses Hertz of failing to “take precautions designed to keep individuals’ private information secure,” despite benefiting from it.
That private information includes social security, driver’s license and credit card numbers and birthdates.
Hertz began alerting customers about the data breach on April 11, saying some of their personal information may have been stolen, due to unknown vulnerabilities in a vendor’s software.
In a statement, Hertz said: “We take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz’s own network was affected by this event.”
Cleo is based in Rockford, Illinois, triggering multiple lawsuits in that state.
Hertz notified customers of data breach in April
While Hertz confirmed the breach internally in February, following its own investigation, the company stated it didn’t want to notify customers until after it determined “the scope of the event,” and identified “whose personal information may have been impacted.”
The investigation found customer data was acquired by an “unauthorized third party” after cyberattacks in October and December of last year.
In his suit, Camplese claims he and many other customers have suffered irreparable harm, with their personal information “exposed to criminals for misuse.”
He argues not only have he and others lost their ability to control their private information, but they have been subjected to an increased risk of identity theft. He faults Hertz for failing to provide “prompt and accurate notice” of the breach, and concealing it for an “unreasonable duration of time.”
Personally, Camplese said, he’s spent hours researching what happened and taking steps to protect his finances and identity, he’s suffered fear, anxiety and stress, and he’s experienced a “significant uptick in spam calls, and texts.”
He accuses Hertz of negligence, unjust enrichment, breach of implied contract and breach of confidence.
Under the Class Action Fairness Act, damages must exceed $5 million for a class-action case to be considered in federal court, and it must involve at least 100 plaintiffs.
Camplese has demanded a jury trial.
He seeks damages “in amounts to be determined by the court and/or jury,” along with interest, attorneys’ fees and other litigation costs, and restitution.
Multiple class-action suits filed in Florida against Hertz
Muneerah Crawford, another Hertz customer from California, has filed a similar case in the same federal court in downtown Fort Myers over the breach, with more counts, or allegations, listed in her complaint, including invasion of privacy.
She describes the breach as “widespread and preventable” affecting “thousands, if not millions” of people in the United States. It impacted customers of the Hertz, Thrifty, and Dollar rental car brands, which share the same parent company.
The notoriousClop cybercriminal ransomware group claimed responsibility for the attack via a statement on its website.
Crawford accuses Hertz of maintaining customers’ private information in a “reckless manner,” and in “a condition vulnerable to cyberattacks.”
She seeks to represent a national class and a California subclass. She alleges Hertz violated several of her state’s laws, including a Consumer Privacy Act.
Hertz is just one of many companies affected by the exploitation of Cleo’s vulnerability in its software platform late last year.
According to an article by BleepComputer, Clop stated theystole the data for 66 companies. Among them: WK Kellogg and Western Alliance Bank.
While the two lawsuits in Florida only named Hertz as a defendant, others have included Hertz and Cleo, outside of the state.
One of at least two complaints filed against Hertz and Cleo in Illinois, however, has been voluntarily dismissed.
Initially, Joshua Jonte, a Hertz customer, who filed a class-action suit in the Northern District of Illinois, included Cleo as a defendant, but he later removed it as a party in his amended complaint.
While Cleo issued a patch in October 2024, it was insufficient. It released another one in December to address the problems, urging customers to “immediately” apply it.
Hertz has provided two years worth of identity monitoring services to its affected customers at no cost, and urged customers to remain diligent in protecting themselves.
Suit claims Hertz received a ransom demand from cybercriminals
In his complaint, Jonte claims Clop “purportedly issued a ransom demand” to Hertz, threatening to release all stolen information obtained from the data breach onto its leak page.
Hertz, he said, has not disclosed whether it paid a ransom.
As a policy, the company does not comment on pending litigation.
Hertz has not shared just how many of its customers were affected by the data breach.
According to anotice filed by Hertz in Mainehowever, 3,409 customers in that state alone were impacted.
TechCrunchreported another 96,600 or so in Texas may have been affected. Hertz customers in Australia, Canada, the European Union, New Zealand and The United Kingdom were also alerted about the breach.
Hertz currently has more than 11,000 rental locations in 160 countries.
The company completed its move to Estero in 2016 ― after building a new and modern world headquarters, off U.S. 41.
