Avis Says Cyberattack Compromised Thousands of Users’ Personal Data

Why Trust Techopedia
Key Takeaways

  • Avis is notifying customers of a cyberattack that has compromised their personal data.
  • Details remain scarce, but the stolen information includes customer names, email addresses, mailing addresses, and more.
  • More than 299,000 customers are affected to date.

Car rental giant Avis has revealed a cyberattack in a data breach notice filed with several U.S. attorneys general last week.

According to the report by TechCrunch, the company notified customers of the breach via letter, advising them that it discovered intruders in a business application on August 5, with hackers thought to have infiltrated the system a couple of days earlier. The company subsequently took  immediate steps to put a stop to the unauthorized access.

A data breach notice filed with Iowa’s attorney general revealed that the stolen data included customers names, phone numbers, email addresses and mailing addresses, as well as dates of birth, credit card information, and driving license numbers.

In a separate filing with Maine’s attorney general, it was revealed that 299,006 customers have been affected to date. This number could rise as more data breach notices are filed in the coming weeks.

Meanwhile, another filing with the Texas attorney general revealed that the state was home to 34,592 affected individuals.

Avis didn’t disclose the exact nature of the attack, and it’s not known why this data wasn’t stored more securely, or who oversees cybersecurity at the company.

In its letter to affected customers, the car rental company revealed it has taken steps to “enhance security protections for the impacted business application” alongside cybersecurity experts. It says it is also “reviewing [our] security monitoring and controls.”

Avis urged those impacted to remain vigilant and to check account statements for unusual activity or transactions. It’s offering affected individuals a free year of Equifax membership as an apology.

Avis isn’t the only company to face a significant data breach in 2024. In February of this year Bank of America saw a cyberattack compromise the personal details of over 55,000 customers. In that same month, Change Healthcare IT Systems also saw a ransomware attack compromise personal health data that potentially affected many Americans. Ticketmaster faced a data breach in spring, while Dell fell victim to a breach in May, with the sensitive information of up to 49 million customers compromised.