More than 400,000 customers of Avis, the car rental company that is a staple of U.S. airports, have had their personal data compromised in a cybersecurity breach that Avis reported to the public on Moday.
The online break-in occurred between Aug. 3 and Aug. 6 Avis said in a news release on Monday. Avis said it notified all customers of the breach last week, advising them on countermeasures to prevent identity theft or fraud.
Avis is a corporate sibling of Budget; both rental car companies are owned by Avis Budget Group headquartered in New Jersey. That company has more than 10,000 rental locations in 180 countries; it drew $12 billion in revenue in 2023 according to the company’s most recent full-year financial earnings.
Texas has the most impacted residents in Avis cyberattack
The company did not divulge specific details on the cyberattack, but in a data breach notice filed with Iowa’s attorney general, the car rental brand said the stolen information includes customer names, dates of birth, mail addresses, email addresses, phone numbers, credit card details, and driver’s license numbers.
Another filing, lodged with Maine’s attorney general showed the data breach has affected a total of 299,006 individuals to date. A separate filing in Texas reported the Lone Star State had the most number of impacted state residents, at 34,592.
It is still unclear why Avis allowed this sensitive customer information to be stored in a way that allowed it to be compromised.
Avis stated it first became aware of the issue on August 5 and took immediate action to stem the data loss by stopping the unauthorized access to its systems. The company has also called in third-party security consultants to contribute to the investigation.
Image credit: Via Ideogram