Car rental giant Avis Rent A Car has taken a hit in the latest cyberattack.
The New Jersey-headquartered company has admitted that it discovered intruders in one of its business applications.
The security incident has apparently impacted hundreds of thousands of people, revealing their personal information and driver’s license numbers to hackers.
GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE
Details about the cyberattack
Avis is in the process of notifying around 300,000 people that their personal information and driver’s license numbers were stolen in an August cyberattack.
“We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications. After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities,” the company said in a notice shared with Maine’s attorney general. The company went onto say, “Based on our investigation, we determined that the unauthorized access occurred between August 3, 2024, and August 6, 2024.”
CLICK HERE FOR MORE U.S. NEWS
Avis did not disclose the nature of the cyberattack and details of the incident remain scarce. The car rental company did reveal that the stolen information included customer names, mailing addresses, email addresses, phone numbers, dates of birth, credit card numbers and expiration dates, and driver’s license numbers.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
Texas residents are most affected
The report to Maine’s attorney general showed that 299,006 people have been affected by the Avis data breach so far. Another filing in Texas revealed that 34,592 people from Texas were impacted, making it the state with the most affected residents.
Avis, which also owns Budget and Zipcar, has over 10,000 rental locations across 180 countries. The company stores a large amount of customer data, so it’s unclear why it didn’t take better steps to protect it from this breach.
HACKED, SCAMMED, EXPOSED: WHY YOU’RE ONE STEP AWAY FROM DISASTER ONLINE
The company’s response
Upon discovering unauthorized access on Aug. 5, 2024, the company acted swiftly to terminate the intrusion and initiated a thorough investigation with external cybersecurity experts. Avis has begun notifying affected customers and filed data breach notices with various U.S. attorneys general, offering one year of free credit monitoring services to those impacted.
Additionally, the company is enhancing its security measures and implementing safeguards across its systems while maintaining transparency about the types of compromised information and the timeline of the breach.
However, concerns linger regarding the adequacy of Avis’s data protection practices and the oversight of its cybersecurity protocols.
We reached out to Avis for a comment, but did not hear back before our deadline.
Six ways to protect yourself from data breaches
1. Monitor your accounts and transactions: The Avis data breach exposes your credit card number and expiration date, which hackers can use to steal your money. If you have been affected by this data breach, check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
2. Contact your bank and credit card companies: Since hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
3. Use personal data removal services: Your personal data will be available on the internet for any scammer to use due to the breach. Consider investing in personal data removal services that specialize in continuously monitoring and removing your personal information from various online databases and websites. I mentioned above that hackers also stole driver’s licenses, which could be used to validate the data. The ID can be misused in more ways than you can imagine, including impersonation. Check out my top picks for data removal services here.
4. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.
5. Be alert for phishing scams: Cybercriminals may try to trick you into giving more personal information by sending fake emails or messages that look like they’re from Avis. Don’t click on suspicious links or provide sensitive information unless you’re sure the request is legitimate.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
6. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES
Kurt’s key takeaway
Avis is yet another company added to the growing list of those affected by data breaches, putting customer information at risk. It’s becoming all too common, and these big corporations don’t seem to be learning from what’s happening. What’s clear is that protecting customer data isn’t their top priority, so it’s important to take matters into your own hands. Be cautious when clicking on links, and consider investing in data removal and identity theft protection services to protect your personal information online.
Do you believe companies are doing enough to protect your personal data, or are they neglecting their responsibilities? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
Read the full article here