Avis alerts nearly 300k car renters that crooks stole their info
- Reference: 1725900310
- News link: https://www.theregister.co.uk/2024/09/09/avis_data_breach_car_rental/
- Source link:
The digital break-in occurred between August 3 and August 6, according to the car rental giant in filings with the [1]Maine and [2]California attorneys general.
On August 14, Avis determined that sensitive info had been "obtained by the unauthorized third party," although the sample breach notification letter redacted the specifics, so we can't say for sure what personal details were stolen.
[3]
Avis also cites "insider wrongdoing" under the breach disclosure section in the Maine filing, but doesn't provide additional details about what happened.
[4]
[5]
"Since the incident occurred, we have worked with cybersecurity experts to develop a plan to enhance security protections for the impacted business application," the letter sent to affected consumers says
[6]PDF
."In addition, we have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same," it continues.
[7]
The car rental company did not immediately respond to The Register 's questions about the breach and what specific customer info was accessed. We will update this story if and when we hear back from Avis.
[8]Transport for London confirms cyberattack, assures us all is well
[9]Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data
[10]AMD internal data reportedly offered for sale
[11]31.5M invoices, contracts, patient consent forms, and more exposed to the internet
According to San Francisco-based law firm Schubert Jonckheer & Kolbe, this information [12]may include customers' names, addresses, dates of birth, driver's license numbers, and financial information (including account numbers and credit or debit card numbers).
In addition to indicating that the crooks did make off with people's credit card info, this also signals that a class-action lawsuit against Avis may soon be filed.
The rental company suggests that customers "remain vigilant against threats of identity theft or fraud," and is offering affected individuals a free, one-year membership to Equifax credit monitoring services. The deadline to apply for this is December 31. ®
Get our [13]Tech Resources
[1] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/ccfece24-0b9c-4251-a89b-0fd68ecbda12.html
[2] https://oag.ca.gov/ecrime/databreach/reports/sb24-591235
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zt9v_yonb2P5fVKwFPeL0QAAAcM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zt9v_yonb2P5fVKwFPeL0QAAAcM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zt9v_yonb2P5fVKwFPeL0QAAAcM&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://regmedia.co.uk/2024/09/09/avis_breach_notification_letter.pdf
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zt9v_yonb2P5fVKwFPeL0QAAAcM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2024/09/03/tfl_cyberattack/
[9] https://www.theregister.com/2024/09/04/planned_parenthood_cybersecurity_incident/
[10] https://www.theregister.com/2024/08/26/amd_internal_data_intelbroker/
[11] https://www.theregister.com/2024/08/26/31m_invoices_business_files_exposed/
[12] https://www.prnewswire.com/news-releases/privacy-alert-avis-rent-a-car-under-investigation-for-data-breach-of-approximately-400-000-customer-records-302241919.html
[13] https://whitepapers.theregister.com/
Dodged a Bullet, this time!
The last time I use Avis, was 7 years ago, I used a now defunct credit card, and my European DL. In July, I needed to rent a car, one way, from Colorado back east. None available at any company for one way rental except Avis, but they wanted a small fortune, and I passed. Bought a used car instead...
Won't be using Avis again...
No matter how secure...
It doesn't seem to matter how secure the IT infrastructure is, it only takes one (overly trusted) insider with privileges to steal that data.
I'm sure that many of the cold call scams start with a call centre insider, copying out customer data.
Free credit monitoring!
At this point - I believe that no one in the world should ever have to pay for credit monitoring again. The various credit reporting agencies should be forced to provide it to any user in their database, (after hopefully verifying the identity of the querant ) .
The credit system, as it stands, has now been breeched sooooo many times that you could probably accomplish a more accurate credit check on the darkweb anyway.
I am underconvinced that the best remedy for having had your personal information stolen from Avis, is to provide your personal information to Equifax.
https://www.theregister.com/2017/09/07/143m_american_equifax_customers_exposed/
Compensation?
Avis will be paying compensation to all those affected of course.