Inside the 2025 Hertz Data Breach: What Happened, What It Means, and How to Stay Protected

In an era where digital infrastructure forms the backbone of every business, data breaches are no longer rare—they’re expected. But when the victim is a globally recognized company like Hertz, it shakes public confidence and reminds us how vulnerable even the most established organizations can be.

On April 14, 2025, Hertz disclosed a significant data breach that exposed sensitive customer information. The revelation sent shockwaves through the industry and reignited discussions around enterprise cybersecurity posture, third-party risk management, and the increasing boldness of cybercriminals.

This blog dives deep into the breach—examining what happened, why it happened, how it could’ve been prevented, and what lessons businesses and individuals must learn from it.

The Breach Breakdown: What Happened at Hertz?

The Timeline

Hertz began investigating suspicious activity in its systems around April 10, 2025. Internal monitoring tools flagged unauthorized access attempts to backend services that store customer-related data. By April 12, external cybersecurity experts were engaged. Just two days later, Hertz made a public disclosure confirming a data breach affecting customer information.

The exact scale of the breach is still being assessed, but early statements indicate that the attackers successfully exfiltrated data containing personally identifiable information (PII). This may include names, email addresses, phone numbers, reservation history, billing addresses, and possibly even partial payment information.

Initial Indicators of Compromise (IoCs)

Hertz’s security team reported seeing:

  • Multiple unauthorized logins from IP addresses originating in Eastern Europe and Southeast Asia.
  • Sudden spikes in network traffic targeting internal APIs.
  • Indicators of potential privilege escalation, allowing lateral movement within their corporate network.

While the breach has yet to be attributed to a specific hacking group, patterns of activity suggest a financially motivated threat actor, possibly associated with known ransomware affiliates or data resale groups on dark web forums.

The Technical Perspective: How Could This Happen?

Entry Points: The Usual Suspects

Though the company hasn’t shared in-depth forensic results, security analysts familiar with similar breaches speculate that the attack vector could be one of the following:

1. Phishing Attack on Employees

Phishing remains the #1 cause of breaches globally. If a Hertz employee clicked on a malicious email attachment or link, it could’ve provided attackers access to internal systems.

2. Exploiting a Web Application Vulnerability

Many organizations, including rental companies, rely on legacy systems with APIs that are often poorly secured. Attackers could have exploited an unpatched CVE in a web server, app layer, or database.

3. Compromised Third-Party Vendor

Supply chain attacks are rising. If one of Hertz’s vendors had weaker security practices, the attackers might have entered through them.

4. Stolen Credentials

Using brute force or credential stuffing techniques (especially if users reused passwords from other breached services), attackers could’ve gained access without triggering alarms.
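The difference between the two techniques in item 4 matters for detection: brute force hammers one account, while credential stuffing tries many accounts once each, so a per-account lockout never fires. The sketch below is an added example, not code from Hertz or from the original post; the log format, thresholds, window, and sample lines are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not Hertz data): timestamp, source IP, user, result
SAMPLE_LOG = """\
2025-04-10T02:00:01 198.51.100.7 alice FAIL
2025-04-10T02:00:09 198.51.100.7 bob FAIL
2025-04-10T02:00:15 198.51.100.7 carol FAIL
2025-04-10T02:00:22 198.51.100.7 erin OK
2025-04-10T02:00:30 198.51.100.7 dave FAIL
2025-04-10T02:00:41 198.51.100.7 frank FAIL
2025-04-10T03:10:00 203.0.113.9 admin FAIL
2025-04-10T03:10:05 203.0.113.9 admin FAIL
2025-04-10T03:10:11 203.0.113.9 admin FAIL
2025-04-10T03:10:16 203.0.113.9 admin FAIL
2025-04-10T03:10:20 203.0.113.9 admin FAIL
2025-04-10T09:00:00 192.0.2.44 gina FAIL
2025-04-10T09:00:20 192.0.2.44 gina OK
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
MIN_USERS = 5                   # distinct failed accounts per IP => stuffing
MIN_FAILS = 5                   # failures on one account per IP => brute force

def classify(log):
    """Map each suspicious source IP to its pattern and accounts to reset."""
    by_ip = defaultdict(list)
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        kind, start = None, 0
        for end, (now, _, _) in enumerate(events):
            while now - events[start][0] > WINDOW:
                start += 1
            fails = Counter(u for _, u, r in events[start:end + 1] if r == "FAIL")
            if len(fails) >= MIN_USERS:
                kind = "credential_stuffing"  # wide and shallow: no lockout trips
                break
            if max(fails.values(), default=0) >= MIN_FAILS:
                kind = "brute_force"          # narrow and deep: one account hammered
        if kind:
            hits = sorted({u for _, u, r in events if r == "OK"})
            findings[ip] = {"kind": kind, "accounts_to_reset": hits}
    return findings

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

In the sample, the stuffing source never fails more than once per account, yet one of its guesses succeeds; that account is the one to reset and review. A single mistyped password followed by a success is not flagged.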

The Real-World Impact of the Hertz Breach

For Customers

  • Loss of privacy: Exposure of personal data creates risks of identity theft and social engineering.
  • Financial threats: If partial payment data was leaked, customers could face credit card fraud or scams.
  • Erosion of trust: Customers expect big brands like Hertz to protect their information. This incident damages loyalty.

For the Company

  • Regulatory scrutiny: Hertz operates in jurisdictions governed by GDPR, CCPA, and Australian Privacy Laws. Failure to protect customer data may trigger massive fines.
  • Brand reputation damage: Negative press spreads quickly and can affect customer perception for years.
  • Legal actions: Class-action lawsuits from affected customers are not uncommon after such breaches.
  • Shareholder confidence: Data breaches often trigger a temporary drop in stock price and long-term investor concerns.

Breach Cost Benchmarks

  • According to IBM’s Cost of a Data Breach Report 2024, the average cost per record compromised is $164.
  • If even 1 million records were affected, this could result in $164 million+ in direct and indirect losses for Hertz.

Could It Have Been Prevented?

Absolutely—and this is the painful part.

Let’s look at cyber hygiene practices that could have reduced the risk or impact of the Hertz breach:

1. Zero Trust Architecture

Organizations should move away from traditional “castle and moat” security. Zero Trust verifies every user and device before granting access, assuming that every access attempt is a potential breach attempt—even from inside.

2. Privileged Access Management (PAM)

Only essential personnel should have admin rights. PAM tools help monitor and control elevated access and detect abuse or misconfigurations.

3. Multi-Factor Authentication (MFA) Everywhere

One-time passwords, biometrics, or hardware tokens can drastically reduce the chances of account compromise—even if a password is stolen.

4. Continuous Penetration Testing

Simulating real-world attacks regularly can help detect vulnerabilities before adversaries exploit them. Many companies still rely only on annual audits, which aren’t enough in today’s threat landscape.

5. 24/7 Threat Intelligence Monitoring

Leveraging SIEM and XDR platforms that incorporate AI-based anomaly detection helps identify suspicious activity in real time.

What We Can Learn from This Breach

For Organizations

  • Cybersecurity must be proactive, not reactive.
  • Human error remains the biggest risk—training must be ongoing, not a checkbox activity.
  • Incident response plans must be rehearsed, documented, and updated based on real threat intelligence.
  • Ensure third-party risk management programs are in place. A vendor’s breach is your breach too.

For Individuals

  • Don’t ignore breach notifications—take action immediately.
  • Use a password manager to generate unique passwords for every account.
  • Regularly monitor your credit score and bank statements.
  • Be cautious of Hertz-themed phishing emails asking for personal verification—always verify the sender.

A Broader Context: Breaches Are the New Normal

Hertz isn’t alone. Let’s not forget:

  • T-Mobile experienced its 8th breach in just 5 years.
  • Change Healthcare lost control of sensitive medical data due to unpatched servers.
  • MOVEit flaws affected hundreds of institutions, from governments to universities.

Each of these breaches had one thing in common: a single point of failure was exploited due to delayed response, lack of awareness, or system neglect.

In an interconnected world, breaches in one system can cascade across supply chains and user ecosystems.

Conclusion

Hertz’s data breach is yet another reminder that cybersecurity is not just an IT problem—it’s a business risk, a reputation risk, and a financial risk.

Whether you’re an individual using rental services or a company serving thousands, the principles are the same:

  • Keep systems updated
  • Educate yourself and your team
  • Never assume security is “done”
  • Prepare for when, not if
