Car rental company Hertz says a data breach has compromised customers' information.

In a notice to customers posted Tuesday, the company said a breach of a software vendor exposed data including "name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims. A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event."

Hertz, which also operates the Dollar and Thrifty rental brands, has not disclosed the number of customers affected. The company sent notices of the breach to customers in the U.S., Australia, Canada, the European Union, New Zealand, and the United Kingdom.

RELATED STORY | Starbucks baristas forced to manually track hours worked after ransomware attack

The attack took advantage of a vulnerability in a file-sharing service that is widely used in corporate settings. In 2024, a ransomware gang called CL0P compromised the service and used it to steal data from a number of business victims, including Hertz.

Hertz says the attack took place between October and December of 2024.

The company has disclosed the breach to law enforcement and is offering affected customers monitoring services to protect their identities.