Hertz Data Breach 2025: Step-by-Step Guide to Protecting Yourself

In early 2025, Hertz confirmed a significant data breach affecting customers of its Hertz, Thrifty, and Dollar brands. The breach was traced back to a cyberattack on a third-party vendor, Cleo Communications, which exploited vulnerabilities in Cleo’s file transfer platform. 

This incident compromised sensitive personal information, including names, contact details, birth dates, credit card numbers, driver's license information, and, in some cases, Social Security numbers and passport details.

If you believe you were affected by the Hertz data breach, your next steps are your most important. Here’s what to do.

What to Do After the Hertz Data Breach

1. Confirm Whether You Received a Notice

Hertz has been notifying affected individuals via mail. If you haven't received a notice but suspect you might be affected, check your spam folder for emails from Hertz or Cleo. You can also contact Hertz's dedicated helpline at (866) 408-8964 for confirmation.

2. Monitor Accounts and Credit Reports

Regularly review your bank and credit card statements for unauthorized transactions. Obtain free annual credit reports from the three major credit bureaus—Equifax, Experian, and TransUnion—by visiting AnnualCreditReport.com. This will help you detect any unusual activity early.

3. Enroll in Kroll Identity Monitoring (Offered Free)

Hertz is offering two years of free identity monitoring or dark web monitoring services through Kroll to affected customers. These services can help detect and prevent identity theft by monitoring your credit reports and scanning the dark web for any compromised personal information.

4. Set Up Credit Freezes and Fraud Alerts

Consider placing a fraud alert or a credit freeze on your credit files by contacting any of the three major credit bureaus. A fraud alert warns creditors to take extra steps to verify your identity before extending credit. A credit freeze prevents creditors from accessing your credit report entirely, making it more difficult for identity thieves to open accounts in your name.

5. Monitor for Phishing or Scams

Be extra cautious of unsolicited emails, messages, or phone calls attempting to exploit the breach. Scammers may impersonate Hertz or other entities to steal your personal information. Always verify the source before providing any sensitive data.

6. Document Your Actions for Possible Claims

Keep detailed records of all communications related to the breach, including notices from Hertz, correspondence with credit bureaus, and any steps you've taken to protect your information. This documentation may be crucial if you need to file a claim or participate in a lawsuit.

7. Follow Updates From Reputable Legal Groups

Stay informed about your rights and potential legal actions by following updates from reputable legal groups and consumer protection agencies. They can provide guidance on the next steps and any compensation you may be entitled to.

8. Use Official Helplines and Avoid Scams

Always use official contact information provided by Hertz or trusted sources. Avoid responding to unsolicited messages or visiting links from unknown senders, as they may lead to phishing sites.

9. Contact Morgan & Morgan if Your Info Falls Info the Wrong Hands

If you believe the data leak has led to real damages, harming your credit, peace of mind, or worse, contact Morgan & Morgan for a free case evaluation to learn more about your legal options. You may be entitled to compensation.

Long-Term Vigilance Strategies

As time goes on, stay vigilant and smart about possible future scams that can come from this data breach.

• Regularly Update Passwords: Change passwords for your online accounts, especially those related to financial services.
• Enable Two-Factor Authentication: Where possible, enable two-factor authentication to add an extra layer of security to your accounts.
• Stay Informed: Keep abreast of any new developments related to the breach and adjust your protective measures accordingly.
• Stay Alert for Additional Scams: If you receive communications from law firms regarding the breach, verify their legitimacy before engaging. Official notices from Hertz will be sent via mail and will not ask for sensitive information like passwords or Social Security numbers.
   

What immediate steps should I take after a data breach?

Immediately monitor your accounts and credit reports, enroll in identity monitoring services, and consider placing fraud alerts or credit freezes on your credit files.

What is Kroll and how do I sign up?

Kroll is a financial and risk advisory firm offering identity monitoring services. Hertz is providing two years of Kroll's services free of charge to affected customers. You can sign up through the link provided in the notice you received from Hertz,

How do I freeze my credit?

Contact each of the three major credit bureaus—Equifax, Experian, and TransUnion—to request a credit freeze. This can typically be done online, by phone, or by mail.

Can I recover money lost to identity theft?

 If you suffer financial loss due to identity theft, you may be eligible for compensation through lawsuits or by filing claims with the relevant authorities. Keep detailed records of any losses and communications related to the incident.

How long do I need to monitor my data?

It's advisable to monitor your credit reports and financial accounts for at least two years, especially if you enrolled in Kroll's monitoring services. However, ongoing vigilance is recommended to detect any long-term effects of the breach, and if you suspect suspicious activity, follow the steps above and contact us for a free case evaluation.