Avis, a prominent car rental company based in the United States, recently fell victim to a cyberattack that resulted in the unauthorized access and exfiltration of data from its systems. The breach, which took place between August 3 and August 6, was only detected by Avis on August 5, 2024. The stolen data included customer names and other sensitive information, although the precise details of the compromised data were not disclosed by the company.
Following the discovery of the cyberattack, Avis took immediate action to mitigate the breach, collaborate with cybersecurity experts, and notify the relevant authorities. In a notification sent to customers on September 4, 2024, Avis informed them of the incident and advised them to remain vigilant against potential identity theft or fraud. The company also offered affected customers a complimentary one-year membership to Equifax for identity theft or fraud prevention services.
In response to the breach, Avis stated that they have been working closely with cybersecurity experts to enhance their security protections and implement additional safeguards to prevent future security incidents. They assured customers that they are actively reviewing their security monitoring and controls to strengthen their defenses against cyber threats.
As details about the data breach and the identity of the threat actors remain scarce, The Cyber Express reached out to Avis for further clarification and comments on the incident. The company has yet to provide additional information regarding the breach and the involved threat actor.
This cyberattack on Avis comes on the heels of a similar incident earlier in the year involving one of their rival companies, Europcar. In that instance, threat actors claimed to have stolen data from over 48 million Europcar customers. The hackers, operating under the alias “Lean,” boasted about obtaining a vast array of sensitive information from Europcar’s systems.
However, Europcar swiftly refuted these claims, stating that the breach was fake and that the threat actor had fabricated records using Artificial Intelligence (AI). The rental company conducted a thorough investigation and determined that the data provided by the hacker did not match their records and contained many non-existent email addresses and other details, leading them to conclude that the data was AI-generated.
As the repercussions of cyberattacks continue to impact businesses across various industries, companies like Avis and Europcar are under increasing pressure to ramp up their cybersecurity measures and protect customer data from malicious actors. The ongoing threat of cybercrime underscores the importance of robust cybersecurity protocols and continuous monitoring to safeguard sensitive information and prevent data breaches.