Excerpt from Securityweek Article, Published on Sep 09, 2024.
Avis Car Rental has confirmed that nearly 300,000 customers were impacted by a data breach in August 2024, which resulted in the theft of personal information. The breach was detected on August 5, when the company identified unauthorized access to one of its business applications.
According to Avis, attackers had access to its network from August 3 to August 6, during which time they exfiltrated sensitive personal identifiable information (PII). The compromised data includes names, addresses, dates of birth, driver’s licence numbers, and financial account details. The company has since notified the relevant authorities and taken steps to contain the breach.
Avis began sending notifications to affected individuals last week, along with a formal report to the Maine Attorney General’s Office. Those impacted will receive one year of free credit monitoring services, which includes identity theft detection and resolution. Avis is also urging customers to remain vigilant for signs of identity theft or fraud in the wake of the breach.
Avis Car Rental, part of the Avis Budget Group, operates over 5,500 locations in more than 165 countries. The company’s investigation into the incident is ongoing. This incident follows a series of cyberattacks on the automotive industry in recent months. CDK Global, a software provider for car dealerships, was hit by a ransomware attack in North America, affecting thousands of dealerships. AutoNation and AutoCanada, two major dealership companies, reported financial losses due to the CDK breach, with AutoCanada also falling victim to a separate cyberattack in early August.
As cyberattacks targeting the automotive sector become more frequent, companies like Avis are under increasing pressure to bolster their cybersecurity defences to protect customer data.
To delve deeper into this topic, please read the full article on Securityweek.