Hertz has suffered a devastating data breach, one in which customers’ drivers license information and a host of other personal information was stolen.

Hertz, which also owns Dollar and Thrifty Brands, published the data breach notice on its website. According to the company, the breach originated from its use of a file transfer platform provided by Cleo Communication, with hackers exploiting a zero-day vulnerability in the platform. The breach happened between October and December 2024.

Unfortunately, it appears the bad actors managed to access and steal a veritable treasure trove of personal data.

We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may include the following: name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims. A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.

The company says it is cooperating with law enforcement, and Cleo has taken similar steps to address the breach.

Hertz takes the privacy and security of personal information seriously. To that end, Hertz has confirmed that Cleo took steps to investigate the event and address the identified vulnerabilities. Hertz also reported this event to law enforcement and is in the process of reporting the event to relevant regulators. Further, out of an abundance of caution, Hertz has secured the services of Kroll to provide two years of identity monitoring or dark web monitoring services to potentially impacted individuals at no cost. Potentially impacted residents of the United States may sign up for identity monitoring services here: http://hufcuwxgqzil.kroll.com/.

Hertz says it doesn’t have evidence of any of the stolen data being used, but customers should still take necessary precautions.

While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring free credit reports for any unauthorized activity and reporting any such activity. We have also included additional resources below.