Cyber Incident Victim: Avis
Date: Aug 2024
Location: United States of America
Summary
A car rental company experienced a data breach compromising personal information of approximately 300,000 customers following unauthorized access to a business application. Attackers infiltrated the network over several days, exfiltrating names combined with other sensitive details including addresses, birthdates, driver's license numbers, and financial account data. The organization contained the incident upon detection, notified affected individuals and authorities, and offered impacted parties one-year credit monitoring services with identity theft resolution support. This breach aligns with recent cyberattacks targeting North American automotive sector entities, including other rental agencies and dealership management systems.
Description
Avis Car Rental experienced a data breach in August 2024 that compromised personal information belonging to approximately 300,000 customers. The company detected unauthorized access to one of its business applications on August 5, 2024, prompting immediate containment measures and notifications to relevant authorities. Subsequent investigation revealed attackers maintained network access between August 3 and August 6, during which they exfiltrated personally identifiable information (PII). The stolen data included customer names combined with other sensitive details, with specific impacts varying by individual. Compromised information encompassed physical addresses, dates of birth, driver's license numbers, and financial account data. Avis initiated written notifications to affected individuals during the week preceding August 6, 2024, while simultaneously filing a disclosure with the Maine Attorney General's Office confirming the breach's scope.

The company responded by offering impacted customers one year of complimentary credit monitoring services featuring identity theft detection and resolution support. Avis advised affected individuals to remain vigilant against potential fraud attempts stemming from the incident. Avis is a subsidiary of Parsippany-based Avis Budget Group, Inc., so the breach occurred within an organization operating 5,500 rental locations across 165 countries. This incident coincided with multiple cybersecurity events affecting North American automotive sector entities during the preceding three months, including the CDK Global ransomware attack that disrupted thousands of dealerships. Other industry players like AutoNation and AutoCanada reported financial consequences from the CDK incident, with AutoCanada separately disclosing an early August cyberattack unrelated to the Avis breach.
