Hertz says 2024 hack exposed some customers’ driver license and credit card data

Hertz is notifying customers that a data hack late last year may have exposed their personal data.

The rental car giant said an analysis of the incident that it completed on April 2 found the breach affected some customers’ birthdates, credit card and driver’s license data and information related to workers’ compensation claims. The company also said the Social Security numbers, passport information and Medicare or Medicaid IDs of “a very small number of individuals” may have been affected, as well.

Hertz didn’t disclose how many of its customers the cyberattack affected.

The hack occurred in October and December, the company said. A spokesperson didn’t immediately elaborate on the timeline of the breach.

Hertz said the hackers accessed the information through systems operated by Cleo Communications, one of its software vendors, and said it was one of “many other companies affected by this event.”

Cleo didn’t immediately respond to a request for comment.

“Hertz takes the privacy and security of personal information seriously,” the company said in a statement, adding that it has reported the breach to law enforcement and is also alerting the relevant regulators. It’s offering two years of free identity-monitoring services to Hertz customers affected by the breach.

CORRECTION (April 15, 2025, 7 p.m. ET): An earlier version of this article misstated when Hertz said the hack took place. It occurred in October and December 2024, not from October to December 2024.