Car rental giant Avis Rental A Car has taken a hit in the latest cyberattack. The New Jersey-headquartered company has admitted that it discovered intruders in one of its business applications. The security incident has apparently impacted hundreds of thousands of people, revealing their personal information and driver’s license numbers to hackers.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Avis
Details about the cyberattack
Avis is in the process of notifying around three hundred thousand people that their personal information and driver’s license numbers were stolen in an August cyberattack.
“We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications. After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities,” the company said in a notice shared with Maine’s attorney general. The company went onto say, “Based on our investigation, we determined that the unauthorized access occurred between August 3, 2024, and August 6, 2024.”
Avis did not disclose the nature of the cyberattack and details of the incident remain scarce. The car rental company did reveal that the stolen information included customer names, mailing addresses, email addresses, phone numbers, dates of birth, credit card numbers and expiration dates, and driver’s license numbers.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
Texas residents are most affected
The report to Maine’s attorney general showed that 299,006 people have been affected by the Avis data breach so far. Another filing in Texas revealed that 34,592 people from Texas were impacted, making it the state with the most affected residents.
Avis, which also owns Budget and Zipcar, has over 10,000 rental locations across 180 countries. The company stores a large amount of customer data, so it’s unclear why they didn’t take better steps to protect it from this breach.
HACKED, SCAMMED, EXPOSED: WHY YOU’RE ONE STEP AWAY FROM DISASTER ONLINE
The company’s response
Upon discovering unauthorized access on August 5, 2024, the company acted swiftly to terminate the intrusion and initiated a thorough investigation with external cybersecurity experts. Avis has begun notifying affected customers and filed data breach notices with various U.S. attorneys general, offering one year of free credit monitoring services to those impacted.
Additionally, the company is enhancing its security measures and implementing safeguards across its systems while maintaining transparency about the types of compromised information and the timeline of the breach.
However, concerns linger regarding the adequacy of Avis’s data protection practices and the oversight of its cybersecurity protocols.
We reached out to Avis for a comment, but did not hear back before our deadline.
Five ways to protect yourself from data breaches
1) Monitor your accounts and transactions: The Avis data breach exposes your credit card number and expiration date, which hackers can use to steal your money. If you have been affected by this data breach, check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
2) Contact your bank and credit card companies: Since hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
3) Use personal data removal services: Your personal data will be available on the internet for any scammer to use due to the breach. Consider investing in personal data removal services that specialize in continuously monitoring and removing your personal information from various online databases and websites. I mentioned above that hackers also stole driver’s licenses, which could be used to validate the data. The ID can be misused in more ways than you can imagine, including impersonation.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
4) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
5) Be alert for phishing scams: Cybercriminals may try to trick you into giving more personal information by sending fake emails or messages that look like they’re from Avis. Don’t click on suspicious links or provide sensitive information unless you’re sure the request is legitimate.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
6) Use an identity theft protection service: Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
CyberGuy’s Exclusive Offer (Save 52%): Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
PHARMA GIANT’S DATA BREACH EXPOSES PATIENTS’ SENSITIVE INFORMATION
Kurt’s key takeaway
Avis is yet another company added to the growing list of those affected by data breaches, putting customer information at risk. It’s becoming all too common, and these big corporations don’t seem to be learning from what’s happening. What’s clear is that protecting customer data isn’t their top priority, so it’s important to take matters into your own hands. Be cautious when clicking on links, and consider investing in data removal and identity theft protection services to protect your personal information online.
Do you believe companies are doing enough to protect your personal data, or are they neglecting their responsibilities? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE