If you have ever rented a car from Hertz, you might want to check your credit reports and keep an eye out for any unusual activity. The car rental giant sent a notice to customers warning of a data breach that took place between October and December 2024.
The Hertz Corporation, on behalf of Hertz, Dollar and Thrifty brands (collectively, “Hertz,” “we,” or “us”), is providing notice of an event involving Cleo Communications US, LLC (“Cleo”), a vendor of Hertz, that may have impacted the personal information of certain individuals. This notice provides details about the event, measures we have taken in response, and additional steps potentially impacted individuals can take to help protect their personal information, if they feel it is necessary to do so.
Cleo is a vendor that provides a file transfer platform used by Hertz for limited purposes. On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024. Hertz immediately began analyzing the data to determine the scope of the event and to identify individuals whose personal information may have been impacted.
We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may include the following: name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims. A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.
According to the notice, Hertz confirmed on February 10 that “data was acquired by an unauthorized third party.” Its analysis of the at-risk data concluded on April 2, 2025.
In other words, your personal data, including your name, contact information, date of birth, credit card information, driver’s license information, and even worker’s compensation claims could have been exposed. Further, “a very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID” information leaked as well. The Federal Trade Commission (FTC) reports that more than $12.5 billion was lost to fraud in 2024.
Hertz is a national company with locations in all 50 states, so customers across the country are potentially at risk. The leaked information is potentially enough for a bad actor to steal the identity of those affected, so be wary of suspicious purchases or credit cards opened in your name.
Hertz
That said, Hertz hasn’t received any reports of damages caused by the leak. “While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring free credit reports for any unauthorized activity and reporting any such activity,” the company writes.
Protecting your personal data is difficult in today’s digital world, especially when exploits like the one used to target Hertz are difficult to detect in real time. While you can’t do much about your data once it’s in the hands of a company, you can protect yourself while browsing the web by using a VPN and applying smart safety practices.
