The car-rental company Hertz is warning its customers that a data breach exposed personal information including driver’s licenses, credit-card data, contact information and in some cases social security or passport numbers. 

The company said that hackers breached Cleo Communications, a company that it works with for file transfers. 

The company said in a «Notice of Data Incident» statement (PDF) on its website: «We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may include the following: name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims. A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.»

In an additional statement to CNET, a spokesperson for the company said Hertz takes privacy and security seriously. 

«Importantly, to date, our forensic investigation has found no evidence that Hertz’s own network was affected by this event,» the spokesperson said. «However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.»

WK Kellogg (yes, the cereal company) was apparently affected as well by the same window of data vulnerability that Hertz says took place between October and December 2024. Hertz says it became aware of the breach on Feb. 10.

Hertz is offering its customers two years of identity-theft protection with Kroll and included a phone number to contact for information on the breach, 866-408-8964.

Another in a long list of breaches

Consumers have over the last few years had to deal with the fallout of multiple large-scale data breaches that have affected customers of companies including AT&T, Ticketmaster and others.

Franklin Orellana, a cybersecurity expert and program chair of data science at Post University, said that the Hertz breach may be different in the type of information that was collected.

«While the size of the Hertz breach may not be as large as some of the more recent ones, the nature of what was exposed makes it particularly concerning,» Orellana said. «That kind of sensitive data can be more far-reaching in its implications for consumers, especially in cases of identity theft or license-cloning fraud.» 

Incidents like this, he said, are part of a rise in data breaches that affect third-party vendors of companies. Orellana pointed to a National Credit Union Administration report from a few years ago showing that 73 percent of data breaches involved a third party that was working with a credit union.

Sharing data with third parties can increase the possibilities of attack. 

«These breaches are generally due to a lack of control or visibility in the security stance of these partners, and supply chain risk is, therefore, one of the most significant concerns in cybersecurity today,» he said.

As to what consumers can do about data vulnerabilities they aren’t directly responsible for, there aren’t many options for protection, he said. 

«Unfortunately, in cases like these, consumers are largely powerless. You can do everything right, strong passwords, two-factor authentification, and up-to-date software, and still be vulnerable if a third party doesn’t store your data safely.»

Orellana added, «The burden truly is on businesses to vet vendors carefully and to have strong data protection policies across the entire ecosystem.»

Looking for the most recent regular Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle and Strands puzzles.

Connections: Sports Edition might be tough today. I’m not really sure the yellow topic relates to sports — it’s more games — but I’ll go along with it. Read on for hints and the answers.

Connections: Sports Edition is out of beta after making its debut on Super Bowl Sunday, Feb. 9. That’s a sign that the game has earned enough loyal players that The Athletic, the subscription-based sports journalism site owned by the Times, will continue to publish it. It doesn’t show up in the NYT Games app but now appears in The Athletic’s own app. Or you can continue to play it free online.  

Read more: NYT Connections: Sports Edition Puzzle Comes Out of Beta

Hints for today’s Connections: Sports Edition groups

Here are four hints for the groupings in today’s Connections: Sports Edition puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Deal me in.

Green group hint: White and black ball, in the US.

Blue group hint: Not an angel.

Purple group hint:  Hoops teams.

Answers for today’s Connections: Sports Edition groups

Yellow group: Hands in poker.

Green group: Types of kicks in soccer.

Blue group: Teams with devil nicknames.

Purple group: NBA teams in last year’s conference finals.

Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words

What are today’s Connections: Sports Edition answers?

The yellow words in today’s Connections

The theme is hands in poker. The four answers are flush, full house, pair and straight.

The green words in today’s Connections

The theme is types of kicks in soccer. The four answers are corner, direct, indirect and penalty.

The blue words in today’s Connections

The theme is teams with devil nicknames. The four answers are Arizona, Duke, Manchester United and New Jersey.

The purple words in today’s Connections

The theme is NBA teams in last year’s conference finals. The four answers are Boston, Dallas, Indiana and Minnesota.

Quick tips for Connections: Sports Edition

#1: Don’t grab for the easiest group. For each word, think about other sports categories it might fit in – is this a word that can be used in football, or to describe scoring options?

#2: Second meanings are important. The puzzle loves to use last names and even college names that mean other things, to fool you into thinking they are words, not names.

#3: And the opposite is also true. Words like HURTS might seem like a regular word, but it’s also the last name of at least one pro athlete.

Skygazers in the northern region of the US and Canada might catch a glimpse of the Northern Lights as soon as tonight and into tomorrow. The NOAA Space Weather Prediction Center just issued a G3 (strong) geomagnetic storm watch for April 16, when plasma ejected from the sun is expected to reach Earth’s magnetic field. Minor geomagnetic storm conditions are likely to carry on until April 17, the agency reported. 

The colorful lights splashed across the night sky are caused by geomagnetic storms in our atmosphere and the SWPC pays attention to when these might occur. Geomagnetic storms in the atmosphere can arise from a cosmic phenomena called coronal mass ejections (CME). These surging ejections of solar wind come from the corona, the sun’s outermost layer. CMEs consist of plasma and magnetic field, and they can take hours or days to reach Earth. 

When CMEs arrive, they cause disturbances in our atmosphere by disrupting our planet’s magnetic field. This creates geomagnetic storms. Coming sooner than expected, the first CME actually arrived earlier today, spaceweather.com reports. 

As a result, a G1 (minor) geomagnetic storm is currently raging in our atmosphere. It’s still too soon to tell if this is the first of two CMEs that erupted from the sun on Sunday, or if one CME «ate» the other one to make this a cannibal combination. Forecasters say the storm is strengthening into a G3-class. 

Where can you see the aurora?

Most places in the US won’t have an opportunity to see the aurora borealis, but people in US regions as far south as Iowa, Michigan, Oregon, Pennsylvania and Wyoming might get a chance to see the lights, according to Accuweather. However, clouds, rain and snow might make it hard to see.

For the best chance of seeing it, you’ll need to have an unobstructed view of the northern horizon and be using long-exposure photography to capture images of the phenomenon.

The Northern Lights have certain times of year when they’re more likely to be observed. You have the best chance of catching aurora borealis in March, April, September and October, as these are the months near the spring and autumn equinoxes, when the Earth’s position to the sun is ideal for geomagnetic storms. 

«The equinoxes are the transition points between which hemisphere is tilted toward the sun,» Shannon Schmoll, director of the Abrams Planetarium, told CNET last month. «At this point, the Earth’s magnetic field is at a more favorable angle, closer to perpendicular, that allows easier interaction of the charged solar particles with the Earth’s magnetic field and atmosphere.»

April is a good month for watching the Northern Lights because we’re at Solar Maximum — the period of the highest solar activity in the 11-year solar cycle. 

«During this time, we expect to see more sunspots, and therefore there’s a higher chance of high-impact space weather occurring on any given day,» Elsayed Talaat, director of the Office of Space Weather Observations at the National Oceanic and Atmospheric Administration, said last October.

So, if you live in a place where the aurora borealis might be visible tonight, make sure to head away from city lights and check out the night sky to the north.