Popular car rental company Hertz began distributing a “notice of data incident” to customers worldwide, including customers in the USA. The letter mentions a cyber incident that happened in the fourth quarter of last year. The bad actors targeted and successfully hacked a third-party vendor of Hertz that provides file transfer services.
Sensitive data compromised in the cyber attack
The criminals accessed extremely sensitive information belonging to Hertz customers, such as government document numbers, SSNs, and passport information. The stolen data also included credit card numbers and driver’s license numbers. Contact details like emails and cell numbers were compromised too. The identity of the attackers is still unknown. Experts believe it was a Russia-affiliated ransomware gang called Clop. The attack was discovered on February 10th, 2025. It´s unclear why Hertz and its third-party provider took months to report it.
Dark web activity and customer protection efforts
Random parts of the stolen data started appearing on the dark net, sparking an investigation by Hertz. The rental company concluded that the stolen data indeed belonged to their customers. The analysis was completed on April 2nd, 2025. This means that the stolen info, which was obtained by the hackers between October and December 2024, has likely been passed around on the dark web for months.
You might be interested in: Dark Web Scanner, the tool that checks if your email has been hacked
Hertz has secured a 2-year dark net and identity monitoring services for US residents, and any affected Hertz customers in the USA can access the service here. Hertz has not disclosed the number of people affected by the incident, but the company has millions of customers yearly, so the number of affected folks is likely very high. The Florida-based car rental company advises its customers to keep an eye on all major credit reports and immediately report any suspicious behavior. The letter from Hertz confirms the company is not yet aware of any misuse of the stolen data.
High-profile leaks happen constantly, and companies often recommend that victims put a credit freeze on all major bureaus – Equifax, Experian, and TransUnion. Hackers with access to so much sensitive information might be able to commit fraud, such as getting a mortgage or loan or performing other activities that require credit checks, such as buying a smartphone from a wireless provider or financing a car. Having proper antivirus software on all connected devices has never been more important. Being vigilant is no longer enough; folks require professional help from reputable antivirus providers.
You might be interested in: Credit Card Fraud Prevention: 12 Tips to Protect Yourself
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
You May also Like
Panda Free Antivitus
FREE TECHNICAL SUPPORT
