Remember when renting a car meant worrying about insurance and gas prices? Those were simpler times. Now Hertz customers face a new concern as the rental giant confirmed a significant data breach affecting its Hertz, Thrifty, and Dollar brands.
The Security Vulnerability Exploited
Between October and December 2024, cybercriminals exploited zero-day vulnerabilities in Cleo’s integration platform—a third-party vendor used by Hertz.
According to Hertz’s data breach notification, the compromised information varies by individual but includes names, contact information, birth dates, and credit card details. Driver’s license information was also exposed for many family members. A smaller subset of customers may have had more sensitive data compromised, including Social Security numbers, passport details, and medical information related to vehicle accident claims.
Detection Timeline
Hertz discovered the unauthorized access on February 10, 2025—approximately two to four months after the initial breach occurred, according to the company’s statements. This timeline suggests attackers had extended access to customer data before detection.
According to cybersecurity professionals, such delays between breach and discovery are concerning but not uncommon. A 2024 IBM security report noted that the average time to identify a breach across industries is 197 days, highlighting the persistent challenge of timely detection.
Company Response
In response to the breach, Hertz has implemented enhanced security measures and is offering affected customers two years of free identity monitoring services. The company has also notified appropriate regulatory authorities and law enforcement.
A Hertz representative stated the company is taking steps to prevent similar incidents in the future and is advising customers to remain vigilant against potential fraud attempts, though no misuse of personal information has been detected thus far.
The Perpetrators: Clop Ransomware Group
Security researchers have identified the Clop ransomware group as responsible for the attack. Clop is a sophisticated cybercriminal organization known for targeting companies through zero-day vulnerabilities in file transfer applications.
According to multiple cybersecurity firms tracking their activities, Clop has published portions of Hertz’s data on their extortion site in January 2025, a tactic they frequently employ to pressure companies into paying ransoms.
Clop has established a pattern of highly targeted attacks rather than opportunistic breaches. The group carefully selects vulnerabilities that will yield valuable data and executes attacks with technical precision to maximize their chances of success while minimizing detection.
Protecting Affected Customers
For affected customers, security experts recommend taking additional steps beyond the free monitoring services provided by Hertz. The Federal Trade Commission advises placing fraud alerts on credit reports, considering credit freezes, and monitoring financial accounts regularly for suspicious activity.
The compromise of driver’s license information presents particular challenges. Unlike credit cards, driver’s license numbers cannot be easily changed, creating an extended period during which the information could be misused for identity theft or fraud.
The Broader Security Challenge
This breach highlights an ongoing challenge in data security: the need for robust protection not just within companies themselves but across their third-party vendor ecosystem. According to a 2024 Ponemon Institute study, 59% of organizations have experienced a data breach caused by a third party or vendor.
For Hertz customers, this incident serves as another reminder of the potential downstream consequences when personal information is compromised—consequences that extend far beyond the initial transaction of renting a vehicle.
