The Target: Car rental company Avis
The Take: The scope of the stolen data varies depending on the customer, but the following information is potentially affected: name, email address, telephone number, date of birth, credit card number and expiration date, driver’s license number.
The Vector: The company detected unauthorized access to one of its business applications at the beginning of August. Avis has described the breach as ‘insider wrongdoing.’
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.