Avis Car Rental is notifying close to 300,000 individuals that their personal information was stolen in an August 2024 data breach.
The company said the incident was discovered on August 5 when it flagged unauthorized access to one of its business applications. Avis says it immediately took steps to contain the attack and notified the relevant authorities.
The company’s investigation determined that the attackers had access to its network between August 3 and August 6, and that they exfiltrated certain data, including personal identifiable information (PII) pertaining to customers.
Last week, Avis started sending written notifications to the potentially impacted individuals and notified the Maine Attorney General’s Office that approximately 300,000 people were affected.
According to notification letter that Avis submitted to the Maine AG, names were compromised in the attack, in combination with other PII. Depending on the individual, the data breach reportedly impacted addresses, dates of birth, driver’s license numbers, and financial account information.
The company is providing the affected individuals with one year of free credit monitoring services that include identity detection and resolution of identity theft and encourages them to remain vigilant against identity theft and fraud attempts.
Avis Car Rental is part of Avis Budget Group, Inc., a car rental agency holding company based in Parsippany, New Jersey. Avis Car Rental operates approximately 5,500 locations in more than 165 countries.
There have been several cyberattacks targeting the automobile industry in North America over the past three months, including the ransomware attack suffered by CDK Global, which impacted thousands of car dealers across North America.
Car dealership companies AutoNation and AutoCanada disclosed financial impact from the CDK Global incident, with the latter also falling victim to a cyberattack in early August.
Related: Ransomware Gang Claims Cyberattack on Planned Parenthood
Related: 950,000 Impacted by Young Consulting Data Breach
Related: 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy
Related: Gold Dealer JM Bullion Discloses Months-Long Payment Card Breach