Hertz Confirms Data Breach After Hackers Stole Customer PII
Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s licenses, and credit card details.
Car rental company Hertz has announced that some of its customers’ private details were accessed without permission. This happened because of vulnerabilities in software from Cleo Communications US, LLC (Cleo), a company that provides software services to Hertz.
It is worth noting that in December 2024, the Cl0p ransomware group claimed responsibility for exploiting vulnerabilities in Cleo’s managed file transfer software, leading to the theft of large amounts of corporate data. A few days later, the group published the stolen Hertz data archive on its dark web leak site.
In its official press release (PDF), Hertz, which also owns the Dollar and Thrifty car rental brands, explained that Cleo runs a system that Hertz uses to send files for specific tasks. On February 10, 2025, Hertz found out that some of its data was taken by an unauthorised individual, who Hertz believes took advantage of weaknesses in Cleo’s software, called zero-day vulnerabilities, which were exploited in October 2024 and December 2024.
Right after detecting suspicious activity, Hertz launched an investigation to understand what happened and what information could be exposed. This investigation concluded on April 2, 2025, revealing that accessed data may include names, contact details, birth dates, credit card numbers, and driver’s license information.
“A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims” impacted as well, the company explained.
Hertz confirmed that Cleo is investigating the issue and fixing the software problems, and that it has already reported this data breach to the police and other government agencies. To be extra careful, Hertz is offering two years of free identity monitoring or dark web monitoring services, through a company called Kroll, to people who might be affected.
Notably, a data breach notification filed with the Maine Attorney General reveals that 3,409 residents of Maine were affected by this data breach. Because this number exceeds 1,000, Hertz has notified consumer reporting agencies, as required by law in Maine. The breach is categorised as an “External system breach (hacking),” according to the Maine Attorney General’s filing, providing a clearer understanding of the nature of the security incident.
Hertz claims that at the moment, there is no evidence that anyone’s information has been used to commit fraud. The company also recommends checking account statements and credit reports regularly and has provided a phone number, 866-408-8964, to call if you have more questions.
You can also put a fraud alert on your credit file for free, the company notes. An initial alert lasts for one year. To set up a fraud alert, you need to contact Equifax, Experian, or TransUnion.
Another option is to put a “credit freeze” on your credit report. This stops credit bureaus from sharing information without your permission, which can help prevent new credit accounts from being opened in your name without your knowledge. However, Hertz warns that a credit freeze might delay or prevent the approval of new loans or credit if you need them quickly.
Thomas Richards, Infrastructure Security Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the latest development, stating:
“It’s incredibly unfortunate that customers had their sensitive information compromised in such an attack. Data is a form of currency for cybercriminals, and therefore, it is essential that all organisations harbouring sensitive information manage their software risk by taking measures to improve their cybersecurity posture to prevent a compromise like this from happening again.”