Where it Hertz: Customer data driven off in Cleo attacks

Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.

A breach notification was issued on Monday on behalf of Hertz, Dollar, and Thrifty brands, suggesting customers of all three Hertz Corporation-owned car hire businesses were affected.

Hertz didn't detail the number of customers exposed but said names, contact information, dates of birth, credit cards, driver's license information, and details related to workers' compensation claims were involved.

A smaller subset of customers may also have had more sensitive data stolen, including Social Security or other government identification numbers, passport information, Medicare or Medicaid ID, or injury-related information associated with vehicle accident claims.

For those wondering why a car hire company would have Medicare data, it's for cases involving workers' compensation claims.

The files were stolen from a Cleo file transfer product Hertz uses "for ...