Avis Car Rental disclosed that hackers had stolen personal data from approximately 300,000 customers. The breach, which occurred between August 3 and August 6, 2024, was detected on August 5 when Avis identified unauthorized access to one of its business applications.
The compromised data includes sensitive personal information such as names, addresses, dates of birth, driver’s license numbers, and financial details, including credit card numbers and expiration dates.
Avis, a subsidiary of Avis Budget Group, operates over 5,500 rental locations in more than 165 countries, making the breach a considerable concern for both the company and its customers.
Upon discovering the breach, Avis took immediate action to halt the unauthorized access and launched a comprehensive investigation with the help of external cybersecurity experts.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
The company has notified affected individuals and is offering them a complimentary one-year membership to Equifax’s credit monitoring services. This service includes identity theft detection and resolution to help mitigate potential risks.
Avis has also reported the breach to relevant authorities, including the Maine Attorney General’s Office, and has begun notifying other state attorneys general as required by law.
The company is actively working to enhance its security measures and prevent future incidents, though it has not disclosed specific details about the nature of the cyberattack.
This breach is part of a troubling trend of cyberattacks targeting the automotive and rental industries. In recent months, several companies, including CDK Global and AutoNation, have reported similar incidents, highlighting the increasing vulnerability of the sector to cyber threats. These breaches underscore the urgent need for robust cybersecurity protocols across the industry.
Avis advises all impacted customers to remain vigilant against potential identity theft and fraud attempts. Customers are encouraged to monitor their financial accounts closely and take advantage of the credit monitoring service offered.
Additionally, experts recommend changing passwords and implementing two-factor authentication where possible to enhance personal data security.
As the investigation continues, Avis has committed to keeping affected individuals informed and is working to restore trust with its customer base.
Download Free Incident Response Plan Template for Your Security Team – Free Download