In a significant cybersecurity incident, Avis Car Rental reported that the personal data of hundreds of thousands of its customers was compromised in a cyberattack that occurred in early August. According to notices filed with various U.S. state attorneys general, the New Jersey-based company discovered unauthorized access to one of its business applications on August 5, 2024, with the breach having started two days earlier. Avis took action to halt the intrusion but is now informing customers of the sensitive information stolen during the attack.
The stolen data includes full customer names, mailing addresses, email addresses, phone numbers, dates of birth, credit card numbers with expiration dates, and driver’s license numbers. The breach has raised serious concerns about how this information was stored and why it was vulnerable to compromise.
To date, the Avis data breach affects 299,006 individuals, with Texas being the hardest hit, reporting 34,592 affected residents. More data breach notices are expected to be filed as the total number of impacted customers could rise. Avis has not disclosed the specific nature of the cyberattack, and details about the incident remain scarce. Despite requests for comment, the company has not provided further information regarding the breach.
Avis, a global car rental giant, operates over 10,000 locations across 180 countries. The company, along with its other brands like Budget Car Rental and Zipcar, reported a revenue of $12 billion in 2023. The CEO, Joe Ferraro, reported total earnings of $10.2 million for that year.
As of now, it remains unclear who at Avis is responsible for overseeing the company’s cybersecurity measures. The breach highlights ongoing concerns about data security and corporate responsibility in safeguarding personal information.