Pierluigi Paganini September 06, 2024

Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information.

Car rental company Avis notified customers impacted in an Augus data breach. Threat actors breached one of its business applications and gained access to some of the customers’ personal information.

“We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications. After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities.”reads the data breach notification letter sent to the impacted individuals. “Based on our investigation, we determined that the unauthorized access occurred between August 3, 2024, and August 6, 2024.”

Once discovered the incident, Avis launched an investigation into the security breach with the help of cybersecurity experts. The company also worked to enhance the security of the impacted business application. As part of their response, the company has implemented additional protective measures across their systems.

“Since the incident occurred, we have worked with cybersecurity experts to develop a plan to enhance security protections for the impacted business application. In addition, we have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same.” continues the letter.

Threat actors had access to a company’s business application from August 3 until August 6, but the company discovered the data breach on August 14. The attackers stole customer data, including customer names and other sensitive information.

The car rental did not disclose technical details about the attack or the number of impacted customers.

AVIS recommends that impacted customers remain vigilant against threats of fraudulent activities and identity theft.

The company also recommends customers regularly monitor their account statements and credit history for any unauthorized transactions or activities and report any suspect activities to their credit reporting agencies.

AVIS offered impacted customers a free one-year membership to Equifax’s credit monitoring service.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)