Hertz says 2024 hack exposed some customers’ driver license and credit card data

Hertz is notifying customers that a data hack late last year may have exposed their personal data.

The rental-car giant said an analysis of the incident that it completed on April 2 found the breach affected some customers’ birthdates, credit card and driver’s license data and information related to workers’ compensation claims.

The hack occurred between October and December 2024, Hertz said, adding that “a very small number of individuals” may have had their Social Security numbers, passport information and Medicare or Medicaid IDs impacted as well.

The company didn’t disclose how many of its customers were affected by the cyberattack.

Hertz said the hackers accessed the information through systems operated by Cleo Communications, one of its software vendors, and said it was one of “many other companies affected by this event.”

Cleo didn’t immediately respond to a request for comment.

“Hertz takes the privacy and security of personal information seriously,” the company said in a statement, adding that it has reported the breach to law enforcement and is also alerting the relevant regulators. It’s offering two years of free identity-monitoring services to Hertz customers affected by the breach.