Car rental company Hertz said that hackers accessed the personal data of its customers.
The company said the data breach accessed some customers’ birthdates, credit cards, driver’s licenses and workers’ compensation claims information. “A very small number of individuals” may have also had their Social Security numbers, passport information and Medicare or Medicaid information taken.
Hertz did not say how many customers may have fallen victim to the hackers, but at least 3,400 customers in Maine were affected, and another 86,886 in Texas. California was also among the states where customers were targeted.
Customers in Australia, Canada, the European Union, New Zealand and the United Kingdom were also alerted of the cyberattack.
A company spokesperson said it would be “inaccurate to say millions.”
The hackers accessed the system through a vendor, Cleo Communications, which provides file transfer services, in October and December, Hertz said, adding that the company’s own network was not affected. The Clop ransomware gang admitted to exploiting a zero-day vulnerability in the file-sharing system. WK Kellogg was also a victim of the same hack.
A zero-day vulnerability means there is an issue with a system or device that has been disclosed, but there is no patch to correct the issue or to block access.
Hertz also owns Dollar and Thrifty. The notice of the hack was made by Hertz on behalf of all three brands.
Hertz is offering customers two years of identity-theft protection. For more information, call 866-408-8964.
© 2025 Cox Media Group
