300K Victims' Data Compromised in Avis Car Rental Breach

Avis Car Rental is notifying nearly 300,000 individuals of a data breach it fell victim to in early August.

According to the letter it is sending out to those who have been affected, a threat actor gained unauthorized access to its business applications. The company took steps to end the access and launched an investigation alongside third-party experts, as well as alerted the authorities and notified the Maine Attorney General's Office.

The investigation has led the company to believe that the access was gained between Aug. 3 and Aug. 6, and that some personal identifiable information (PII) was exfiltrated, though the scope of the breach remains unclear.

"While details of the recent Avis intrusion are scant and we're not privy to how disruptive this attack was to Avis corporate employees and the nearly 300,000 customers apparently impacted, I am encouraged by the company's quick response and its implementation of additional safeguards to its systems and customer data," Sean Deuby, principal technologist at Semperis, wrote in an emailed statement to Dark Reading.

Avis is providing complimentary one-year memberships to those who were affected, but they must enroll by Dec. 31. Still, the company recommends that its customers remain vigilant against fraud and identity theft and review their financial statements often, as it works to bolster its cybersecurity protections.