US car rental giant Avis has confirmed it was hit by a data breach early last month affecting customer data.
In a letter to affected customers, Avis confirmed an “unauthorized third party” broke into one of its business applications, enabling the threat actor to obtain sensitive and personally identifiable information.
The attack, which is believed to have taken place between August 3 and August 6, was discovered on August 5. Avis promises to have worked with the relevant authorities and cybersecurity experts, however the extent of the attack remains unconfirmed.
Avis confirms customer data breach
Following the discovery, further research into the attack revealed on August 14 that some personally identifiable information had been accessed. Redacted information in the letter makes it impossible to know precisely which data was obtained besides customer names.
TechRadar Pro has asked Avis to confirm this, together with the estimated number of affected customers and their regions, but the company did not immediately respond.
In its warning to customers, however, the company confirmed: “We have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same.”
Consequentially, Avis will offer affected customers a one-year membership for credit monitoring via Equifax, with codes redeemable until December 31.
Avis says those affected by the breach should review and monitor their account statements and credit history for unauthorized activity.
In light the attacker may have gotten access to email addresses, phone numbers and home addresses, Avis customers together with anyone with an online presence should be wary of phishing attempts, scams and identity theft.
Other basic internet hygiene steps, like regularly updating passwords with secure alternatives and enabling two-factor authentication, are also advisable.
More from TechRadar Pro
- Here’s the best internet security suites
- We’ve rounded up a list of the best VPN with antivirus
- 170 million strong data leak traced to US data broker