Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.
"On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024," reads the
Hertz data breach notification.
"Hertz immediately began analyzing the data to determine the scope of the event and to identify individuals whose personal information may have been impacted."
The company says that the data varies per individual but could contain customers' names, contact information, date of birth, credit card information, driver's license information, and information related to workers' compensation claims.
In addition, Hertz says a small number may have had their Social Security numbers or government identification stolen.
"A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers' compensation claims), or injury-related information associated with vehicle accident claims impacted by the event," warned Hertz.
While Hertz has not shared how many customers were impacted by the incident, Maine's Attorney General's Office reports that 3,409 people in the state are receiving notifications. The notifications were also shared with California and Vermont, which do not report the number of impacted people in the state.
