Car rental giant Hertz warns that hackers have exploited a software weakness, potentially exposing customer data.
Hertz is one of the biggest car rental companies in the world. Based in Estero, Florida, the company operates its namesake Hertz brand, along with the brands Dollar Rent A Car, Firefly Car Rental and Thrifty Car Rental.
According to a “Notice of Data Incident” issued by Hertz, an unauthorized third party presumably exploited “zero-day vulnerabilities” within the systems of one of its IT partners late last year.
“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party.
Hertz immediately began analyzing the data to determine the scope of the event and to identify individuals whose personal information may have been impacted.”
A zero-day vulnerability is a flaw known to the attacker but not yet to the vendor, which leaves it exploitable until the vendor discovers the flaw and issues a software patch.
“This notice provides details about the event, measures we have taken in response, and additional steps potentially impacted individuals can take to help protect their personal information, if they feel it is necessary to do so,” reads the advisory.
Hertz completed the data analysis earlier this month and concluded that the personal information involved in this event may include:
· name
· contact information
· date of birth
· credit card information
· driver’s license information
· information related to workers’ compensation claims
For a “very small number of individuals,” Social Security or other government identification numbers, passport information, Medicare or Medicaid ID associated with workers’ compensation claims, or injury-related information associated with vehicle accident claims are impacted by the event.
“While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring free credit reports for any unauthorized activity and reporting any such activity,” the company notes.
Hertz has contracted Kroll to provide potentially impacted individuals with free identity monitoring services.
“Hertz takes the privacy and security of personal information seriously,” the company adds.
Hertz has reported the incident to law enforcement and is now reaching out to the regulators for full transparency.
Supply-chain attacks like the one Hertz suffered here enable fraudsters to use the stolen data to build cunning socially engineered scams.
When in doubt about a suspicious text, phone call, or social media interaction, Bitdefender recommends using Scamio, our free, scam-fighting AI bot. You can share with Scamio the exact thing you want to check, such as a screenshot, link, or QR code – or simply describe the situation to our chatbot in your own words. Scamio lets you know in seconds if it’s a sham.
If you’re a Hertz customer, look for suspicious emails or texts citing your personal information.
Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you know if your data has leaked online, what risks you face, and how to protect yourself.
For peace of mind, consider using a security solution on all your personal devices.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.