Article Details

Car rental giant Avis discloses data breach impacting customers. American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information. According to data breach notification letters sent to impacted customers on Wednesday and filed with California's Office of the Attorney General, the company took action to stop the unauthorized access, launched an investigation with the help of external cybersecurity experts, and reported the incident to relevant authorities after learning of the breach on August 5. This investigation revealed that the attacker had access to its business application from August 3 until August 6, when the company evicted the malicious actor from its systems and blocked its access. On August 14, it also found that the attacker stole some customers' personal information, including their names and other undisclosed sensitive data. Since the breach, Avis says it has worked with outside experts to strengthen security measures for the affected application and implemented additional safeguards across its systems. The company added that it's actively reviewing security monitoring and controls to bolster security defenses and warned customers of identity theft and fraud risks following the data breach. "It is always a good idea to remain vigilant against threats of identity theft or fraud," Avis told those whose personal information was stolen in the incident. "You can do this by regularly reviewing and monitoring your account statements and credit history for any signs of unauthorized transactions or activity. You can contact the credit reporting agencies if you suspect any unauthorized activity." The car rental company also offered those affected a free one-year membership to Equifax's credit monitoring service, which provides assistance with identity theft detection and resolution. Avis is a subsidiary of Avis Budget Group, a leading global mobility solutions provider that also owns Zipcar, the world's leading car-sharing network. Its Avis and Budget car rental brands operate over 10,000 rental locations in 180 countries across North America, Europe, and Australasia. Avis Budget Group has reported more than $3.0 billion in revenues for the second quarter of 2024. The company has not responded to multiple requests for comment from BleepingComputer asking for more information about the attack's nature, the number of affected customers, and the other personal information stolen in the breach.