
Hertz Data Breach – Customer Personal Information Stolen by Hackers

Hertz Corporation has confirmed a significant data breach affecting customers of its Hertz, Dollar, and Thrifty brands, in which hackers exploited critical security vulnerabilities to access sensitive customer information.

The company disclosed that unauthorized third parties acquired customer data after exploiting zero-day vulnerabilities in a vendor’s file transfer platform, potentially exposing the personal details of an undisclosed number of customers.

How Hackers Gained Access

According to a recent notice of data incident, Hertz discovered on February 10, 2025, that customer data had been compromised through its vendor, Cleo Communications US, LLC. 

The hackers exploited zero-day vulnerabilities within Cleo’s file transfer platform during two separate incidents in October and December 2024.

“The unauthorized access was facilitated through critical security flaws that were previously unknown to the software developers,” said cybersecurity expert Marcus Reynolds, who specializes in transportation sector security breaches. 

“Zero-day vulnerabilities are particularly dangerous as they can be exploited before vendors have an opportunity to develop and distribute patches.”

Following a comprehensive data analysis completed on April 2, 2025, Hertz confirmed that the compromised information includes customers’ names, contact information, dates of birth, credit card details, and driver’s license information. The breach also exposed data related to workers’ compensation claims.

A smaller subset of individuals may have had more sensitive information compromised, including Social Security numbers, government identification numbers, passport information, Medicare or Medicaid IDs associated with workers’ compensation claims, and injury-related information connected to vehicle accident claims.

Hertz’s Data Breach Response

In response to the breach, Hertz has taken several remedial measures. The company has confirmed that Cleo has investigated the incident and addressed the identified vulnerabilities. 

Additionally, Hertz has reported the incident to law enforcement and is working with relevant regulatory authorities. “We take the privacy and security of personal information seriously,” stated a Hertz representative. 

“While we are not aware of any misuse of personal information for fraudulent purposes in connection with this event, we are providing resources to help customers protect themselves.”

As part of its response plan, Hertz has partnered with Kroll, a risk consulting firm, to provide affected U.S. residents with two years of complimentary identity monitoring or dark web monitoring services.

Cybersecurity analysts have noted that this breach follows a growing trend of attacks targeting third-party vendors to gain access to larger corporations’ data. 

Affected customers are advised to remain vigilant by regularly reviewing account statements and monitoring credit reports for unauthorized activity. 

Industry experts recommend that affected individuals consider placing fraud alerts or credit freezes on their credit files as additional precautionary measures to protect against potential identity theft or fraud resulting from the data breach.


Guru Baran

Gurubaran is the Co-Founder and Editor-in-Chief of CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics.
