Rental car company Avis detected unauthorized access to a business applications in August. ‘Insider wrongdoing’ may have played a role. Credit: Shutterstock / Daniel J. Macy Car rental company Avis has informed around 300,000 of its customers in the US that their personal data has been stolen in a cyberattack. The company detected unauthorized access to one of its business applications at the beginning of August. “After becoming aware of the incident, we immediately took steps to end the unauthorized access,” Avis told customers in a “Data Breach Notification Letter“ (PDF), a sample of which it registered with the California prosecutor’s office. It has initiated an investigation in cooperation with security experts and law enforcement authorities, it said. Breach notification with Equifax subscription In the letter, Avis promised customers “extended protective measures” for the affected application and improvements in terms of security monitoring. In addition, the car rental giant is also offering affected customers a free annual subscription to Equifax’s “Credit Watch Gold” service, which can assist in cases of identity theft. “We sincerely apologize that this incident took place,” the company concluded its Data Breach Notification Letter. Another company filing with the Maine State Attorney’s Office showed that a total of 299,006 customers were affected by the data breach, which Avis described as “insider wrongdoing.” The type of personal data stolen in the attack was described by another letter from Avis’ law firm to the Iowa Attorney General’s office. It said the scope of the stolen data varies depending on the customer, but the following information is potentially affected: Name E-mail address Telephone number Date of birth Credit card number and expiration date Driver’s license number. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe