TG盗号软件破解教程|【唯一TG:@heimifeng8】|飞机盗号软件VIP破解技术✨谷歌搜索留痕排名,史上最强SEO技术,20年谷歌SEO经验大佬✨Hertz says customers' personal data and driver's licenses stolen in data breach

Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses.

The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2025 and December 2025.

The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz’s websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. 

Hertz also disclosed the breach with several U.S. states, including California, Maine, and Texas. Hertz said at least 3,400 customers in Maine were affected, and some 96,665 customers in Texas, but neither listed the total number of affected individuals, which is likely to be significantly higher.

Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be “inaccurate to say millions” of customers are affected.

The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

Hertz is one of dozens of companies that used Cleo’s software at the time of their data thefts. The Clop ransomware gang claimed last year to have exploited a zero-day vulnerability in Cleo’s widely used enterprise file transfer products, which allow companies to share large sets of sensitive data over the internet. By breaching these systems, the hackers stole reams of data from Cleo’s corporate customers.

Soon after, the Clop ransomware gang claimed on its dark web leak site that it stole data from close to 60 companies by exploiting the bug in their Cleo systems. In a later post, Clop claimed dozens more alleged corporate victims.

The data extortion campaign became one of the most notable mass-hacks of 2025.

At the time, Hertz, which was named on Clop’s site, said it had “no evidence” that Hertz data or Hertz systems were affected.

On Monday, Hertz’s spokesperson told TechCrunch it found no evidence that Hertz’s own network was affected by the breach, but confirmed that Hertz data “was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2025 and December 2025.”

A Cleo executive did not respond to TechCrunch’s inquiry on Monday.

Updated April 15 with a new breach filing in Texas.