Hertz Data Breach: Customer Personal Data Stolen by

Okay, so Hertz Corporation? Yeah, they’ve just confirmed a pretty big data breach. It’s impacting customers across their Hertz, Dollar, and Thrifty brands. Basically, hackers managed to exploit some critical security vulnerabilities, getting their hands on sensitive customer information.

The company disclosed that unauthorized third parties acquired customer data after exploiting zero-day vulnerabilities in a vendor’s file transfer platform, potentially exposing the personal details of an undisclosed number of customers.

How Hackers Gained Access

According to a recent notice of data incident, Hertz discovered on February 10, 2025, that customer data had been compromised through its vendor, Cleo Communications US, LLC.

The hackers exploited zero-day vulnerabilities within Cleo’s file transfer platform during two separate incidents in October and December 2024.

“The unauthorized access was facilitated through critical security flaws that were previously unknown to the software developers,” said cybersecurity expert Marcus Reynolds, who specializes in transportation sector security breaches.

“Zero-day vulnerabilities are particularly dangerous as they can be exploited before vendors have an opportunity to develop and distribute patches.”

Following a comprehensive data analysis completed on April 2, 2025, Hertz confirmed that the compromised information includes customers’ names, contact information, dates of birth, credit card details, and driver’s license information. The breach also exposed data related to workers’ compensation claims.

A smaller subset of individuals may have had more sensitive information compromised, including Social Security numbers, government identification numbers, passport information, Medicare or Medicaid IDs associated with workers’ compensation claims, and injury-related information connected to vehicle accident claims.

Hertz’s Data Breach Response

In response to the breach, Hertz has taken several remedial measures. The company has confirmed that Cleo has investigated the incident and addressed the identified vulnerabilities.

Additionally, Hertz has reported the incident to law enforcement and is working with relevant regulatory authorities. “We take the privacy and security of personal information seriously,” stated a Hertz representative.

“While we are not aware of any misuse of personal information for fraudulent purposes in connection with this event, we are providing resources to help customers protect themselves.”

As part of its response plan, Hertz has partnered with Kroll, a risk consulting firm, to provide affected U.S. residents with two years of complimentary identity monitoring or dark web monitoring services.

Cybersecurity analysts have noted that this breach follows a growing trend of attacks targeting third-party vendors to gain access to larger corporations’ data.

Affected customers are advised to remain vigilant by regularly reviewing account statements and monitoring credit reports for unauthorized activity.

Industry experts recommend that affected individuals consider placing fraud alerts or credit freezes on their credit files as additional precautionary measures to protect against potential identity theft or fraud resulting from the data breach.