Hertz Acknowledges Customer Info and Driver's Licenses Stolen in Data Breaches
Car rental company Hertz sent letters Friday to potentially impacted customers informing them of data breaches from 2024 in which bad actors might have accessed or stolen their personal information. That same day, the Office of the Maine Attorney General reported the breach. The breaches violated the file data transfer platform of Cleo Communications, a Hertz vendor.
Sign up for a free preview to unlock the rest of this article
"On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024," the Hertz letter said. The company said it "immediately began analyzing the data to determine the scope of the event and to identify individuals whose personal information may have been impacted."
The analysis was finished on April 2, Hertz said, and found that customers' names, contact information, credit card information and driver's license information were possibly compromised. Additionally, for some customers, their social security numbers, Medicare or Medicaid ID and passport information may have been leaked, the car rental company said. The remainder of the letter contained resources for those impacted.
"Hertz takes the privacy and security of personal information seriously," the letter said. "To that end, Hertz has confirmed that Cleo took steps to investigate the event and address the identified vulnerabilities. Hertz also reported this event to law enforcement and is in the process of reporting the event to relevant regulators."
Though the AG office reported that 3,409 Maine residents were affected by the breach, neither the office nor Hertz announced how many total customers were impacted.