From: [Someone at Hertz]
To: [An e-mail address only known to Hertz]
Subject: Hertz Inquiry
Date: 23 December 2002 06:38

Dear Mr. Phipps:

Recently, you informed Hertz that you had received an e-mail solicitation
for pornographic material traced to an e-mail account you had established
and used exclusively for communication with Hertz. We realize this is not
what you expected when you established an e-mail link to Hertz, and we
sincerely regret that your Hertz e-mail account has been misused in this
way.

Before I describe the steps we are taking, I thought you should know a few
facts about this matter. First, this solicitation did not occur as a
result of Hertz selling your address to any third party, including
pornographers, as Hertz does not sell or share customers' e-mail addresses
with vendors, business partners or any other individuals or corporations.

Second, you should know that although your name and e-mail address have
been misused by a third party, we do not believe any other sensitive
information about you in Hertz databases have been captured by those
responsible for the e-mail you received. Our databases are subject to
different levels and types of security (e.g., credit card and driver's
license information are protected within different layers of security than
e-mail addresses) and our corporate systems are continually monitored by
outside security firms. While the nature of the technology precludes an
unequivocal response, a review of our systems indicates no evidence of
hacking.

In addition to committing significant internal resources to our
investigation, we have retained two firms with specialized expertise in
information systems security, and we have also been working with the
Federal Bureau of Investigation. Unfortunately, our efforts to date have
not yielded any easy answers. However, we will continue until we have
exhausted all viable options in order to determine what happened, and, if
we believe laws have been broken, we will request criminal prosecution. I
can assure you that our investigation will include an analysis of the
possibility that Hertz employees or others who were authorized to work on
these databases may be involved, in addition to outsiders.

Hertz filed a lawsuit in Federal District Court in Utah, which enabled us
to issue subpoenas in an effort to determine who gave or sold your email
address to the people or businesses that sent you the solicitations. We
anticipated this would enable us to learn more information about and move
closer to the person or people responsible for initially obtaining your
e-mail address. While these subpoenas resulted in the cooperation of some
Spammers, to include their ceasing to communicate with our customers, in
other instances it has not. Regrettably, to date our investigation has not
lead us to the source of how your e-mail address was initially compromised
as we had hoped.

While the number of Hertz customers who have received these solicitations
remains very small, we understand that recent solicitations are more
explicit than earlier e-mails. Also, we know that a few of the addresses
have been obtained by pornographers who operate from foreign countries,
notably Russia. The FBI, US Attorney, and attorneys representing us in
civil actions have all concluded that it will be much harder, if at all
possible, to track and stop these people.

Many of our customers have already taken steps to terminate the e-mail
address that was receiving the unwanted Spam. However, for those
customers who have not taken this step, we strongly advise you to do so,
now, given the nature and source of these most recent solicitations. If
you choose to retain this address, it would assist us in our investigation
if you would please forward any additional unwanted e-mails to my attention
at [that address I deleted above].

Please know that while we may not be able to identify how your e-mail
address was obtained or who is responsible, we are appalled that you should
receive such a solicitation. We are putting forward what we believe is
our best effort to resolve this situation and we appreciate your
cooperation.

Sincerely,


[Name removed to protect the employee concerned]
Manager Executive Customer Relations
THE HERTZ CORPORATION
225 Brae Boulevard
Park Ridge, N.J. 07656