Avis Rent a Car System has been forced to notify hundreds of thousands of customers that their personal information was compromised by a hacker.
A breach notification letter published by the Maine Office of the Attorney General (OAG) revealed that 299,006 individuals were impacted by the incident.
Although the notice describes the breach as the result of “insider wrongdoing,” the attached letter makes no reference to an employee as the cause of the incident.
“We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications,” it stated.
“After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities. Based on our investigation, we determined that the unauthorized access occurred between August 3, 2024, and August 6, 2024.”
Customer names and other unspecified “data elements” were stolen by the unauthorized third party, according to the report.
Read more on cyber-attacks targeting car rental firms: Car Rental Giant Sixt Hit by Cyber-Attack
The firm has offered all those affected free credit monitoring with Equifax for a year.
“It is always a good idea to remain vigilant against threats of identity theft or fraud,” Avis added.
“You can do this by regularly reviewing and monitoring your account statements and credit history for any signs of unauthorized transactions or activity. You can contact the credit reporting agencies if you suspect any unauthorized activity.”
The Parsippany, New Jersey-headquartered Avis Rent a Car System is part of the Avis Budget Group, which also includes Budget Rent a Car and Zipcar.
The company said that it is working with “cybersecurity experts” to improve security protection for the business app that was targeted in the breach.
“In addition, we have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same,” it added.
Car hire companies are a popular target for digital extortionists given the large volumes of personal and financial data they store on customers.
Image credit: ChameleonsEye / Shutterstock.com