Car Rental Company Avis Reports Data Breach

The firm has not revealed the number of affected customers.
A sign hangs on an Avis rental car branch in New York City on Jan. 2, 2013. John Moore/Getty Images
Naveen Athrappully

U.S. car rental company Avis revealed that it recently suffered a data breach, with the attackers gaining access to personal data belonging to customers.

“We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications,” a Sept. 4 data breach notification sent to customers reads. “[Avis] determined on August 14, 2024, that your personal information was obtained by the unauthorized third party.”

That personal information included the customer’s name and other details, according to the notification.

The firm did not reveal how many people nationwide were affected by the breach.

In a filing with the South Carolina Department of Consumer Affairs, the company stated that 3,708 residents from that state were affected.

“After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities,” Avis stated in its notification to customers.

The company asked customers to “remain vigilant against threats of identity theft or fraud.”

“You can do this by regularly reviewing and monitoring your account statements and credit history for any signs of unauthorized transactions or activity. You can contact the credit reporting agencies if you suspect any unauthorized activity,” it stated.

Avis is offering affected individuals free credit monitoring services from Equifax for one year. The service provides identity detection and helps to resolve identity theft issues, the company said in its notification about the breach. Affected customers are required to sign up by Dec. 31.

The company stated that it’s working with cybersecurity experts to boost security protections for the business application affected by the hack.

Additional safeguards have been added to the firm’s system, with Avis “actively reviewing” its security monitoring and controls.

The Epoch Times reached out to Avis for comment.

Avis’s data breach follows a major cyberattack that disrupted the car industry in June. CDK Global, a software firm serving more than 15,000 car dealerships in the United States, was the target in that incident.

The company’s software is used to manage sales, inventory, customer support, and other aspects of dealership operations. The outage negatively affected the operations of car dealerships on a large scale.

State of Car Security

According to the 2024 Global Automotive Cybersecurity Report by network security firm Upstream, 50 percent of all cyber incidents in the auto sector last year had a “high or massive impact,” and 95 percent of the attacks were found to have been executed remotely.

Over the past years, cybersecurity risks in the industry have grown from experimental hacks to large-scale attacks, with the number and scale of cyber incidents rising “significantly,” to the extent that they threaten the safety of the vehicle and the passengers, according to Upstream.

“The number of high and massive-scale incidents more than doubled between 2022 and 2023,” the report reads.

“High and massive-scale attacks can potentially impact up to millions of mobility assets (e.g. vehicles, charging stations, companion apps, backend systems).”

Upstream called electric vehicle (EV) charging a “growing threat frontier,” with charging stations becoming a “battleground for attacks.”

EVs currently make up about 15 percent of new car sales globally. By 2040, they are expected to gain the “majority of market share,” Upstream stated.

In an emailed statement to The Epoch Times last year, Elias Bou-Harb, who directs the Cyber Center for Security and Analytics at the University of Texas–San Antonio, said the center’s researchers “continue to see escalated attacks on such infrastructure, including remote and physical attacks.”

“Cyber-attacks on charging stations can be prevented to a large extent through proper security measures and protocols. While it’s challenging to achieve 100 percent prevention, proactive steps can significantly reduce the risk of attacks,” he said.

A report by software firm Synopsys found that software security was failing to keep pace with technology in the auto sector. It called software in the automotive supply chain “a major risk.”

Masooma Haq contributed to the report.