Hertz So Bad: Alarming Data Breach Exposes Customer Data To Hackers

Hertz Corporation has warned about an alarming data breach that might have exposed sensitive customer data to hackers. The rental car company has provided details of the breach, the measures it has taken, and what potentially affected individuals can do to safeguard their personal information, if needed.

In a notice, Hertz revealed that customer data was extracted within Cleo, the platform it uses for file transfer. The platform was the subject of a vicious zero-day attack that enabled unauthorized third-party access to the customer data of Hertz, Dollar, and Thrifty rental vehicle brands. According to Hertz, while this breach occurred on the Cleo platform in October and December 2024, it only became known on the 10th of February 2025.

Upon discovering the breach, Hertz embarked on security research to know “the scope of the event and to identify individuals whose personal information may have been impacted."

On the 2nd of April 2025, after the conclusion of its research, it found that the data breach could include information such as name, date of birth, credit card numbers, contact information, and information on workers' compensation claims of customers. It also added that the breach might have exposed personal information of a few individuals, such as "their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims.”


Hertz said that Cleo has since investigated the security flaw and addressed it. Hertz also revealed that it has reported the incident to law enforcement agents and will soon report it to relevant regulatory authorities.

As a precautionary measure, Hertz revealed that it hired Kroll, a cyber risk company specializing in identity monitoring, to discover signs of identity theft. Kroll will offer free identity monitory services for two years to customers who may be impacted by the breach. Hertz adds that customers in the US can immediately sign up for the service. 

This notice confirms earlier reports which revealed that the Clop ransomware gang had access to Hertz customer data.

Although Hertz states that it is unaware of any abuse of the exposed data, it has encouraged customers to be vigilant. The company recommends that customers review their credit statements and monitor credit reports, place a fraud alert on their credit file, and place a credit freeze on their credit report as well. If you've used their services in the past and are concerned, you can find the full Hertz report here.