Strauss Borrelli PLLC, a leading data breach law firm, is investigating The Hertz Corporation, as well as the Dollar and Thrifty brands (collectively, “Hertz”) regarding its recent data breach. The Hertz data breach involved sensitive personal information and protected health information belonging to an unknown number of individuals.
ABOUT THE HERTZ CORPORATION:
Hertz is one of the world’s largest mobility companies, and through its indirect subsidiary, The Hertz Corporation, operates the Hertz, Dollar, and Thrifty vehicle rental brands throughout North America, Europe, the Caribbean, Latin America, Africa, the Middle East, Asia, Australia, and New Zealand.4 Founded in 1918, Hertz operates thousands of rental car locations worldwide and additionally sells vehicles to consumers at Hertz Car Sales locations throughout the United States.4 Headquartered in Estero, Florida, Hertz employs over 10,000 individuals.
WHAT HAPPENED?
Recently, Hertz announced that Cleo Communications US, LLC (“Cleo”), a third-party vendor that provides a file transfer platform used by Hertz, had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, Hertz was informed that sensitive information in its systems may have been impacted by the Cleo data breach.1 As a result, Hertz launched an investigation to determine the nature of the incident.
Through its investigation, on February 10, 2025, Hertz confirmed that sensitive personal information in its systems may have been accessed and obtained by an unauthorized third party using zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.1 As a result, Hertz began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On April 2, 2025, Hertz completed this review. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Contact information
- Driver’s license information
- Passport information
- Other government identification numbers
- Credit card information
- Information related to workers compensation claims
- Medicare or Medicaid ID
- Injury related information associated with vehicle accident claims
As a result of the data breach, Hertz posted a notice of the incident on its website. Additionally, on April 11, 2025, Hertz began sending breach notification letters to impacted individuals. Based on the website breach notice, Hertz is providing affected individuals with a list of the specific types of sensitive information impacted and 24 months of complimentary credit monitoring services. A link to the form breach notification that Hertz posted to its website is below.
If you received a breach notification letter from The Hertz Corporation:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
