Hertz Data Breach Mass Arbitration Update: Current Status & Legal Trends

In early April 2025, Hertz began notifying customers that personal information tied to Hertz, Dollar, and Thrifty had been accessed via its third-party file-transfer vendor, Cleo. Hertz’s public notice confirms data was taken after zero-day vulnerabilities were exploited in October and December 2024, and that two years of Kroll monitoring is being offered to impacted people. 

Reported data types include names and contact details, dates of birth, credit card data, driver’s license details, as well as Social Security numbers, passports, workers’ compensation-related data, and some injury information.

Multiple lawsuits have now been filed, and several firms have issued updates. Below is where things stand—and what it means for affected consumers.

What is the status of ongoing mass arbitrations vs. class actions?

Class actions are moving forward in multiple courts, with filings already on the record. Public updates and plaintiff firm posts also discuss mass arbitration as a parallel path some consumers may consider when class certification is uncertain or when companies enforce arbitration clauses.

Are there any settlement developments with Hertz data breach lawsuits?

As of now, there has been no publicly announced settlement in the Hertz matters. Coverage and firm updates focus on the breach, suspected threat actor activity, consumer notifications, and emerging litigation, not resolution terms. Reports also note lawsuits being filed, with no settlement terms described. If that changes, it will appear in court filings and firm updates.

What courts are involved?

Plaintiff resources indicate cases have been filed in Florida and Illinois, with the potential for consolidation to reduce duplication. That tracks with where large groups of impacted customers reside and where companies connected to the incident operate.

What are the legal precedents in data breaches?

A recurring legal hurdle is standing: whether plaintiffs can show a “concrete” injury. 

In TransUnion LLC v. Ramirez (2021), the U.S. Supreme Court emphasized the need for concrete harm for Article III standing. While that decision raised the bar for some claims, many courts still allow data-breach cases to proceed when plaintiffs plausibly allege fraudulent charges, identity theft, or other tangible or closely related intangible harms. Expect defendants to test standing early, and for plaintiffs to detail misuse, time spent, anxiety, and monitoring costs.

What is the typical timeline for data breach settlements?

There’s no one-size-fits-all timeline. Many claims resolve within two to three years, but complicated cases can stretch longer, especially with appeals. Some matters settle sooner; others proceed to class certification, summary judgment, or trial. The size of the class, scope of discovery, insurance coverage, and parallel government inquiries all influence the pace.

How does proof of harm impact compensation?

Compensation often ties to what you can prove. Claim programs in data-breach settlements typically offer (1) documented loss reimbursements (e.g., out-of-pocket fraud costs, lost time) up to higher caps for those who submit proof, and (2) flat-rate payments for those without documents. Courts scrutinize whether claimed harms are linked to the breach. Keeping records—bank statements, fraud alerts, police/FTC reports, credit denials, and time logs—can materially improve outcomes.

How does tracking my case status help?

Staying engaged helps you avoid missing claim deadlines, respond to settlement notices, and submit documentation that can increase your payment. Watch for:

• Court notices (email or mail)
• Settlement websites and claims portals
• Updates from your counsel
  
   

What can I expect next?

As lawsuits are filed, you can generally expect some procedural sparring. This can include motions to dismiss or compel arbitration, as well as standing challenges.

In the early stages of a proceeding lawsuit, both sides will enter discovery. During this phase, both sides are seeking and reviewing documents and requesting depositions.

Then, there is potential for multiple lawsuits to be consolidated to streamline overlapping cases.

Finally, after some key rulings, settlement discussions can begin.

Meanwhile, Hertz’s public notice emphasizes monitoring and remediation steps and says the company has not found evidence of misuse tied to this event, though consumers should remain vigilant.

How can I stay informed and involved?

Several key actions can help you stay up to date with the latest developments in Hertz data breach lawsuits:

1. Enroll in monitoring offered by Hertz/Kroll if you received a notice.
2. Freeze your credit and set fraud alerts where appropriate.
3. Keep a breach file: save the notice, logs of time spent, receipts for out-of-pocket costs, and any fraud reports.
4. Follow your case docket (your attorney or the settlement website will share details).
5. Watch reputable trackers for developments.

Has a settlement been reached?

No public settlement has been announced in the Hertz cases at this time. Lawsuits are active, and investigations are continuing.

What is the status of my case?

Expect early motions and potential consolidation steps. Your attorney can confirm your case posture and deadlines. Claims have been filed in Florida and Illinois.

How are claims progressing?

Filings and firm investigations are underway; courts will address threshold issues (like standing and arbitration) before deeper discovery and any settlement talks.

Can people still join?

If you received a Hertz data breach notice or believe your information was involved, many firms are still evaluating claims. Check your eligibility promptly so you don’t miss statutes of limitation.

What are the latest legal developments?

Public materials highlight vendor exploitation via Cleo, consumer notifications beginning April 2025, and suits filed in FL and IL. Some reports also discuss the Clop ransomware group’s role and alleged data postings abroad. Continue monitoring firm updates and official notices.

If you were notified or even if you’re unsure, save your documents, enroll in monitoring, and talk with a data-breach lawyer about your options. Contact us today for a free case evaluation.