Hertz Data Breach: What Personal Data Was Exposed?

When you rent a car, you hand over a surprising amount of sensitive personal information, from your driver’s license to your credit card details. That’s why the recent Hertz data breach is especially troubling. The rental car giant confirmed that hackers gained unauthorized access to its systems, exposing a wide variety of customer and employee data.

This breach isn’t just about leaked email addresses. The compromised data includes information that can’t simply be “reset” like a password. From Social Security numbers to Medicare IDs, the exposed records could cause long-term harm to millions of people worldwide.

Here’s a breakdown of the types of data involved, the risks victims may face, and what steps you can take if your information was caught up in the Hertz data breach.

Commonly Exposed Personal Information

The first layer of compromised data involves basic personally identifiable information (PII). According to reports, this includes:

• Full names
• Home and mailing addresses
• Dates of birth
• Phone numbers and email addresses

While this might seem like “surface-level” information, it can be highly valuable to cybercriminals. A scammer with your full name, date of birth, and address can impersonate you to access accounts, trick banks into resetting passwords, or launch targeted phishing campaigns. Combined with other stolen data, these details become a dangerous puzzle piece in larger identity theft schemes.

Financial Data

One of the most pressing concerns for Hertz customers is the exposure of financial information. This breach is reported to include:

• Credit and debit card numbers
• Bank account details
• Billing addresses

Unlike names and addresses, which you can’t easily change, financial data can lead to immediate and direct harm. Criminals can rack up fraudulent charges, attempt to drain accounts, or even sell the information on dark web marketplaces. For victims, that means monitoring bank statements daily and being prepared to cancel cards and reset accounts at short notice.

Driver’s License and Government ID Information

Because Hertz requires government-issued identification to rent vehicles, driver’s license data is among the most sensitive categories exposed. This includes:

• License numbers
• Issuing state information
• Potential scanned copies of IDs

Why does this matter? A stolen license number can be used in fraudulent traffic citations, rental scams, or even to obtain additional fake IDs in your name. In some states, criminals can commit crimes while using your license details, leaving you to untangle the legal mess.

Workers’ Compensation and Accident-Related Data

Another overlooked but serious concern is the exposure of workers’ compensation and accident records. This information may include:

• Details of workplace injuries
• Accident claim reports
• Insurance claim histories

This data is especially troubling because it overlaps with both health and employment records. Cybercriminals could use it to file fraudulent claims, impersonate victims with insurers, or blackmail individuals by exposing sensitive injury histories.

The Most Sensitive Subset: SSNs, Passports, and Medicare/Medicaid IDs

At the heart of the Hertz breach lies the most dangerous category of exposed data: Social Security numbers (SSNs), passports, and government health identifiers.

These pieces of information are far more damaging than a stolen credit card. Here’s why:

• Social Security numbers – Permanent, impossible to replace, and the key to everything from loans to tax filings. Once stolen, an SSN can be used for years to commit fraud.
• Passports – If compromised, they can be used for illegal travel, immigration fraud, or international scams.
• Medicare/Medicaid IDs – These open the door to medical identity theft, where criminals receive treatment, prescriptions, or benefits under your name.

The long-term impact of losing control of these identifiers cannot be overstated. Victims may face years of fraudulent activity linked to their identity.

Regional Differences in Exposure

While the Hertz data breach primarily impacts U.S. customers, reports suggest that international users may also be affected. In places like Australia, the data collection process differs slightly, and additional government identifiers or insurance details may have been exposed. The scope of the breach may vary by region, but the global footprint of Hertz means millions of customers are at risk worldwide.

Risks of Exposure

The stolen data poses several risks, including:

• Identity theft – Criminals can open new lines of credit, apply for loans, or even file fraudulent tax returns in your name.
• Medical fraud – Medicare or Medicaid identifiers can be misused for false claims, which may leave victims with inaccurate medical histories.
• Insurance scams – Workers’ comp or accident-related data could be exploited in staged or fraudulent insurance claims.

Perhaps the most alarming aspect is that, unlike a credit card, where you can request a replacement, permanent identifiers like SSNs and passports don’t expire and can’t simply be “reset.” This makes the fallout much harder to contain.

Protecting Yourself After the Hertz Breach

If you’ve received notice or even suspect that your data may have been exposed, consider taking the following steps:

1. Check if you’re affected – Review any official notices from Hertz and verify your status.
2. Monitor your accounts – Regularly check bank, credit card, and insurance statements.
3. Set up a credit freeze – This prevents new credit accounts from being opened in your name without your consent.
4. Request replacements for compromised IDs – Contact your DMV for a new driver’s license, the U.S. State Department for passports, and Social Security Administration if your SSN is at risk.
5. Watch for phishing scams – Criminals often use breach data to send convincing fake emails, texts, or calls designed to steal more information.
6. Document everything – Keep records of suspected fraud, correspondence with agencies, and replacement requests. This documentation may be vital in pursuing claims or legal remedies.
   
    

Legal Implications of the Breach

Corporations like Hertz have a duty to protect customer and employee data. When they fail, victims may have grounds to pursue legal action. Data breach lawsuits can help hold companies accountable and may provide compensation for:

• Costs associated with replacing IDs and documents
• Expenses from fraud or identity theft recovery
• Emotional distress caused by the breach

At Morgan & Morgan, we have extensive experience representing victims of corporate data breaches and fighting for their rights against large companies.

What specific personal data was leaked in the Hertz breach?

The breach exposed names, addresses, dates of birth, financial information, driver’s license details, workers’ comp data, and highly sensitive identifiers such as SSNs, passports, and Medicare/Medicaid IDs.

Why is SSN exposure riskier than other data?

Your Social Security number is permanent. Unlike a password or card number, it cannot be changed, making it a lifelong target for identity thieves.

How can I safeguard my driver’s license?

Contact your local DMV to request a replacement license. Some states also allow you to flag your license number in case of fraudulent use.

What should I do about passport exposure?

Report the loss to the U.S. State Department and apply for a replacement immediately. A compromised passport can be used for international identity theft or travel fraud.

Next, contact Morgan & Morgan. If you were affected, you shouldn’t have to deal with the financial and emotional consequences alone.

At Morgan & Morgan, we fight for victims of data breaches and have the resources to take on large corporations like Hertz. If you received a notification or even if you’re uncertain whether your data was exposed, contact us today for a free, no-obligation case evaluation.