Hertz Confirms Major Data Breach Exposing Customer Driver’s Licenses and Personal Data
Car rental giant Hertz has officially notified customers about a significant cybersecurity incident that compromised sensitive personal information, including driver’s license details. The breach originated from a vendor system hack between October and December 2024.
What Information Was Compromised?
The stolen data varies by region but primarily includes:
- Full names and dates of birth
- Contact information (email/phone)
- Driver’s license numbers
- Payment card details
- Workers’ compensation claims
A smaller subset of customers had even more sensitive data exposed:
- Social Security numbers (U.S. customers)
- Other government-issued ID numbers
Global Impact and Notification Efforts
Hertz has posted breach notifications for affected regions including:
In the U.S., state filings reveal:
- 3,400+ affected customers in Maine
- 96,665+ affected customers in Texas
The total global impact remains undisclosed, though Hertz spokesperson Emily Spencer confirmed it would be “inaccurate to say millions” were affected.
Root Cause: Vendor System Exploit
The breach traces back to cybersecurity vulnerabilities in software from Cleo, a business file-transfer provider. In late 2024, the Russia-linked Clop ransomware gang exploited a zero-day flaw in Cleo’s systems to access data from multiple corporate clients, including Hertz.
Key Timeline:
- October-December 2024: Hackers exploit Cleo vulnerability
- December 2024: Clop gang claims access to ~60 companies’ data
- January 2025: Hertz initially denies system compromise
- April 2025: Confirms customer data was acquired via vendor breach
Current Status and Recommendations
Hertz maintains its internal systems weren’t directly breached but confirms customer data stored with Cleo was compromised. The company recommends affected customers:
- Monitor financial accounts for suspicious activity
- Consider credit freezes/fraud alerts
- Be vigilant against phishing attempts
- Utilize any offered identity protection services
Cleo executives have not responded to media inquiries about the incident. This remains one of the most significant supply-chain cyberattacks since the 2024 mass exploit campaign.
Last updated April 15, 2025 with Texas filing details
📚 Featured Products & Recommendations
Discover our carefully selected products that complement this article’s topics:
🛍️ Featured Product 1: AMBUSH AIR ADJUST FORCE SP
Image: Premium product showcase
Carefully crafted ambush air adjust force sp delivering superior performance and lasting value.
Key Features:
- Professional-grade quality standards
- Easy setup and intuitive use
- Durable construction for long-term value
- Excellent customer support included
🔗 View Product Details & Purchase
🛍️ Featured Product 2: AIR TECH CHALLENGE II “HOT LAVA”
Image: Premium product showcase
Carefully crafted air tech challenge ii “hot lava” delivering superior performance and lasting value.
Key Features:
- Industry-leading performance metrics
- Versatile application capabilities
- Robust build quality and materials
- Satisfaction guarantee and warranty
🔗 View Product Details & Purchase
🛍️ Featured Product 3: AMM 365 LONG SLEEVE TEE
Image: Premium product showcase
Advanced amm 365 long sleeve tee engineered for excellence with proven reliability and outstanding results.
Key Features:
- Professional-grade quality standards
- Easy setup and intuitive use
- Durable construction for long-term value
- Excellent customer support included
🔗 View Product Details & Purchase
💡 Need Help Choosing? Contact our expert team for personalized product recommendations!
