Car rental giant Avis recently revealed a mass cyberattack that compromised the personal information of nearly 300,000 customers.
Discovered in early August 2024, the breach exposed sensitive data such as names, mailing addresses, phone numbers, and driver’s license numbers. Avis has begun the process of notifying affected customers and submitting breach reports to various U.S. attorneys general.
While the company has not provided specific details about how the attack occurred, it confirmed that hackers gained access to its systems over several days in early August. As investigations continue, Avis is offering impacted customers one year of credit monitoring services to mitigate potential risks stemming from the breach.
Why It Matters: The Avis breach adds to growing concerns about the vulnerability of sensitive data stored by companies in the car rental industry. With more people syncing personal devices to rental cars, breaches like this can expose a wide range of private information, leading to increased risks for identity theft and fraud.
- Data Compromised: The stolen information includes names, mailing and email addresses, phone numbers, dates of birth, credit card numbers, expiration dates, and driver’s license numbers of 299,006 individuals. Notifications have been filed with several U.S. states, including Texas, California, and Maine.
- Breach Discovery: The cyberattack occurred from August 3 to August 6, 2024, with Avis discovering the intrusion on August 5. The company responded by ending unauthorized access and launching an internal investigation.
- Avis Response: Affected customers are being offered one year of credit monitoring services, though Avis has not disclosed specific actions taken to strengthen cybersecurity measures in the aftermath of the attack.
- Broader Trend: The Avis breach follows a similar incident earlier in the year when U-Haul experienced a data leak affecting 67,000 customers. These breaches raise alarm over the increasing frequency and scale of attacks on the vehicle rental industry.
Data of nearly 300,000 exposed in Avis cyberattack – The Record