Hertz Announces Data Breach Involving the Theft of Customer Personal Data, Including Credit Card Information
### Hertz Data Breach: Essential Information
In a troubling turn of events for Hertz customers, the car rental giant has confirmed that personal data from an unspecified number of patrons has been compromised. This breach reportedly encompasses sensitive details such as names, contact information, dates of birth, credit card numbers, and driver’s license data. The incident has sparked concerns across multiple regions, impacting clientele in the United States, Canada, the United Kingdom, the European Union, and Australia.
#### Breach Overview
Although Hertz has not revealed the precise number of customers affected, the breach seems to be extensive. The company disclosed that the breach took place between October and November of the last year, and it was only in February of this year that they recognized the unauthorized access. An analysis of the data to evaluate the complete impact of the breach was finalized in early April.
As stated by Hertz, the breach was associated with vulnerabilities in a system managed by one of its IT partners, Cleo. The firm confirmed that unauthorized third parties exploited these vulnerabilities to access Hertz’s data. In their communication, Hertz mentioned:
> “On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
The examination indicated that while the bulk of the compromised data comprised basic personal information, a limited number of individuals may also have had their Social Security numbers, passport information, and medical IDs linked to workers’ compensation claims exposed.
#### Company Actions
Hertz has implemented measures to tackle the issue, including notifying law enforcement and reporting the breach to pertinent regulatory authorities. The company has advised customers to stay alert for any potential misuse of their personal details. As a precautionary action, Hertz is providing two years of complimentary identity theft monitoring services to those who may be affected, partnering with Kroll for these offerings.
Customers in the United States can enroll in identity monitoring services through a specific link offered by Hertz.
#### Effects on Customers
The repercussions of this data breach for Hertz customers could be severe. While the company has mentioned it is not currently aware of any ensuing fraud, the nature of the compromised information could effectively lead to identity theft or financial fraud.
As a precautionary measure, customers are encouraged to keep a close watch on their financial accounts and consider further actions to safeguard their identities. One recommended step is to freeze credit reports, preventing unauthorized individuals from opening accounts or applying for loans under the victim’s name.
#### Regulatory Issues
The timing of Hertz’s disclosure has raised concerns, particularly given the legal obligations in the EU and the US that require companies to report data breaches within a set timeframe. In the EU, businesses must disclose breaches within three days, while in the US, the required timeframe is four days. The delay in Hertz’s notification has brought their compliance with these regulations under scrutiny.
#### Final Thoughts
The Hertz data breach highlights the vulnerabilities present in the digital landscape, especially for businesses that manage sensitive customer data. As the situation evolves, affected customers should take proactive measures to protect their personal information and stay informed about potential risks linked to this incident. The provision of identity monitoring services is a commendable step, but maintaining vigilance will be crucial in safeguarding against possible misuse of personal information.
Read More