Avis

Summary

Car rental giant Avis disclosed a data breach affecting one of its business applications in August 2024. An unauthorized third party gained access between August 3 and August 6, 2024, compromising personal information of 299,006 customers.

Attack Vector

Unauthorized third parties gained access to one of Avis' business applications on August 3, 2024. The company discovered the breach on August 5 and determined by August 14 that sensitive customer information had been obtained. The specific attack method was not publicly disclosed.

Consumer Impact

The stolen data includes customer names, mailing addresses, email addresses, phone numbers, dates of birth, credit card numbers and expiration dates, and driver's license numbers for 299,006 Avis customers. The combination of financial information, identity documents, and personal contact details creates severe identity theft and fraud risk. Customers began receiving breach notifications on September 4, 2024.

Response

Avis immediately took steps to end unauthorized access upon discovery and began an investigation with cybersecurity experts. The company alerted relevant authorities and is offering affected individuals free one-year memberships to Equifax credit monitoring services. The response demonstrates industry-standard breach notification and support measures for affected customers.