300K Victims' Data Compromised in Avis Car Rental Breach
Though the company reports that data was exfiltrated in the breach, it has remained tightlipped regarding the kind of data that was exposed.
According to the letter it is sending out to those who have been affected, a threat actor gained unauthorized access to its business applications.
"While details of the recent Avis intrusion are scant and we're not privy to how disruptive this attack was to Avis corporate employees and the nearly 300,000 customers apparently impacted, I am encouraged by the company's quick response and its implementation of additional safeguards to its systems and customer data," Sean Deuby, principal technologist at Semperis, wrote in an emailed statement to Dark Reading
The company took steps to end the access and launched an investigation alongside third-party experts, as well as alerted the authorities and notified the Maine Attorney General's Office.
https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/ccfece24-0b9c-4251-a89b-0fd68ecbda12.html
access was gained between Aug. 3 and Aug. 6, and that some personal identifiable information (PII) was exfiltrated, though the scope of the breach remains unclear.