Sensitive customer information was exposed in a data security breach at Hertz in 2024 as the result of a cybersecurity attack on a third-party vendor of the rental car company — meaning that your personal information may especially be at risk if you one of the thousands of customers who rented a vehicle from Hertz, Dollar, or Thrifty between October 2024 and December 2024.
Customer Information Exposed in Data Security Breach at Hertz 2024
The Notice of Data Incident from The Hertz Corporation has been replicated verbatim for this article:
The Hertz Corporation, on behalf of Hertz, Dollar and Thrifty brands (collectively, “Hertz,” “we,” or “us”), is providing notice of
an event involving Cleo Communications US, LLC (“Cleo”), a vendor of Hertz, that may have impacted the personal
information of certain individuals. This notice provides details about the event, measures we have taken in response, and
additional steps potentially impacted individuals can take to help protect their personal information, if they feel it is
necessary to do so.
Cleo is a vendor that provides a file transfer platform used by Hertz for limited purposes. On February 10, 2025, we confirmed
that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within
Cleo’s platform in October 2024 and December 2024. Hertz immediately began analyzing the data to determine the scope
of the event and to identify individuals whose personal information may have been impacted.
We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may
include the following: name, contact information, date of birth, credit card information, driver’s license information and
information related to workers’ compensation claims. A very small number of individuals may have had their Social Security
or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’
compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.
Hertz takes the privacy and security of personal information seriously. To that end, Hertz has confirmed that Cleo took steps
to investigate the event and address the identified vulnerabilities. Hertz also reported this event to law enforcement and is in
the process of reporting the event to relevant regulators. Further, out of an abundance of caution, Hertz has secured the
services of Kroll to provide two years of identity monitoring or dark web monitoring services to potentially impacted individuals
at no cost. Potentially impacted residents of the United States may sign up for identity monitoring services here:
http://hufcuwxgqzil.kroll.com/.
While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we
encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by
reviewing account statements and monitoring free credit reports for any unauthorized activity and reporting any such activity. We have also included additional resources below.
We understand that there may be questions about this event that are not addressed in this notice. For additional information,
please call (866) 408-8964 Monday through Friday, from 6:00 a.m. to 8:00 p.m. Central Time, excluding major U.S. holidays.
Customers who were affected by this breach of security of their sensitive data may be vulnerable to identity theft, the fraudulent opening of accounts, and targeted “phishing” attempts in which nefarious entities try to get you to reveal personal information for their financial gain at your expense. The potential for harm increases significantly if Social Security numbers were involved.
Final Boarding Call
Between the incidents involving Delta Air Lines, Hyatt Corporation, Hilton, Kimpton Hotels and Restaurants, British Airways, Marriott, Facebook, Equifax, and other various companies over the years, protecting your sensitive information has become almost impossible to do…
…and yet, few measures are in place to rectify the potentially disastrous results which could possibly occur from these data breaches — as though few corporations and government entities are unconcerned about confronting the seriousness of such breaches and attacks.
If you were affected by the latest breach of sensitive data with Hertz, forget about looking forward to any meaningful compensation: greater than 344 million customers — including me, when my Starwood Preferred Guest account was compromised and wiped out back on Friday, January 16, 2015 before the issue was initially resolved six days later — were affected by the data breaches over the years with both Marriott International, Incorporated and Starwood Hotels & Resorts Worldwide LLC. The $52 million that Marriott International, Incorporated was ordered to pay by the Federal Trade Commission of the United States comes out to…
…are you ready?…
…approximately 15 cents per person — and that is not including legal fees or other expenses.
Don’t think that you should feel more safe and secure with regard to your personal information and data, as another breach in the security of your sensitive data is inevitable sometime in the near future…
…and as I rented a car from Hertz in Sweden during that time period, my personal data is probably affected by this security breach as well.
This is getting really tiresome…
All photographs ©2022 by Brian Cohen.
