Call Us

Hertz Data Breach Class Action Lawsuit

Posted on behalf of Arnold Law Firm on April 15, 2025 in Data Breach
Updated on April 21, 2025

NOTICE: If you received a NOTICE OF DATA BREACH letter from Hertz Global Holdings, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On April 11, 2025, Hertz Global Holdings, Inc. (“Hertz”) reported to the Maine Attorney General’s Office that its customer’s data had been acquired by an unauthorized third party that had exploited a zero-day vulnerability in Cleo Communications’ platform, a vendor of Hertz (“Data Breach”). On February 10, 2025 Hertz discovered the Data Breach and, after analyzing the data until April 2, 2025, announced that the vulnerability had been used between October 2024 and December 2024.

On or about April 11, 2025, Hertz began sending out data breach notification letters to those affected by the Data Breach. Each notification letter includes an offer for two year’s complimentary membership to Kroll Identity Monitoring Services, a service that provides single bureau credit monitoring, access to a Kroll fraud specialist, and identity theft restoration services.

While Hertz has yet to release the total number of individuals impacted, it reported that 3,409 people in Maine alone had their data compromised. If you received a data breach notification letter from Hertz, it indicates that you were affected by the Data Breach.

Headquartered in Estero, Florida, Hertz, is a major player in the global car rental industry and is the parent company of Dollar Rent A Car, Firefly Car Rental, and Thrifty Car Rental. Founded in 1918, Hertz has grown to serve millions of customers annually across its 12,000 locations in over 160 countries. As of 2024, Hertz reported revenues of approximately $9 billion with 26,000 employees.

WHAT INFORMATION IS INVOLVED IN THE HERTZ CLASS ACTION LAWSUIT?

While Hertz has thus far failed to specify the exact information compromised, data breaches of this kind generally involve:

  • Full names, 
  • Addresses,
  • Driver’s license numbers,
  • Financial information (e.g. account number, credit or debit card number),
  • Dates of birth,
  • Certain other personal information. 

This information is referred to as your Personally Identifiable Information (“PII”). It provides critical details about you and is an integral part of your identity. Businesses are legally required to protect this information, or they risk incurring statutory penalties and other legal repercussions. When PII is stolen, it can be used by identity thieves to commit fraudulent activities using your identity. 

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Hertz, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.