Car rental giant Avis Rent A Car has fallen victim to a huge cyberattack, revealing the personal data of hundreds of thousands of its customers.
The company, headquartered in New Jersey, recently confirmed the breach, which compromised sensitive customer information.
The Cyberattack and Data Breach
On August 5, 2024, Avis discovered intruders had gained unauthorized access to one of its business applications.
In a statement filed with Maine’s attorney general, the company revealed the breach exposed personal data of approximately 300,000 people. This includes their driver’s license numbers and other sensitive information.
The unauthorized access took place between August 3 and August 6, 2024.
Stolen Information and Impacted People
The stolen data included names, mailing addresses and email addresses. Phone numbers, dates of birth, credit card numbers with expiration dates, and driver’s license numbers were also taken.
The Maine attorney general’s report indicated 299,006 people were impacted by the breach. A separate filing in Texas showed 34,592 Texans were affected. This made Texas the state with the largest number of compromised residents.
Avis’s Response to the Incident
Avis took immediate steps to stop the unauthorized access.
The company also launched an investigation with the help of external cybersecurity experts and notified the relevant authorities. Avis has started informing affected customers about the breach and is offering one year of free credit monitoring services to help mitigate potential damage.
The company is also enhancing its cybersecurity measures to prevent future incidents and maintaining transparency regarding the nature of the compromised data.
Need Career Advice? Get employment skills advice at all levels of your career
Concerns Over Avis’s Cybersecurity Practices
Despite Avis’s swift response, questions remain about the adequacy of its data protection measures.
As a company that stores vast amounts of customer data across its 10,000 rental locations in 180 countries, the breach has raised concerns about whether sufficient steps were taken to protect sensitive information.
The company has not provided specific details about the nature of the attack or the vulnerabilities exploited by hackers. Avis’s failure to disclose more information about the breach has led to speculation regarding the robustness of its cybersecurity protocols.
Ongoing Developments and Customer Support
As Avis continues to address the breach, its focus remains on mitigating the damage to affected customers and reinforcing its security infrastructure. Customers impacted by the attack are encouraged to take advantage of the credit monitoring services offered by Avis and remain vigilant for potential identity theft.
While Avis has yet to provide detailed comments on the incident, the company’s ongoing efforts to improve security and notify customers signal a commitment to addressing the situation transparently.
