Car rental giant Hertz has announced and begun notifying its customers of a data breach that included their personal information and driver’s licenses. The data breach affected at least 100,000 customers.
The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors, Cleo, providing file transfer platform used by Hertz.
“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
The stolen data varies by individual and region, but includes customer names, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims. Hertz said a smaller number of customers had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID, or injury-related information associated with vehicle accident claims, were impacted by the event.
Hertz has disclosed the breach with several US states, including California, Maine, and Texas. Hertz said at least 3,400 customers in Maine were affected, and some 96,665 customers in Texas, but neither listed the total number of affected individuals.
Read more about it here.