(Reuters) – Rental car firm Hertz Global said on Monday some of its users’ data was stolen in a breach involving one of its vendors.

Hertz said the incident may have resulted in personal data being impacted.

The company said Cleo Communications, a vendor that provides file transfer services, experienced an incident where hackers exploited zero-day vulnerabilities within its platform in October and December.

The affected data could include customers’ contact, credit card and driver’s license information, Hertz said in a notification on its website, adding that a small number of those may have had their social security or passport information impacted as well.

“Our forensic investigation has found no evidence that Hertz’s own network was affected by this event,” the company said in a statement to Reuters.

The company said it was not aware of any incidents where the personal information was misused for fraudulent purposes.

(Reporting by Utkarsh Shetti in Bengaluru; Editing by Maju Samuel)