‘We sincerely apologize this incident occurred,’ according to a letter to Avis customers.

Avis, the car rental company, has disclosed that threat actors accessed one of its business applications and accessed customer personal information.

The Parsippany, N.J.-based company has sent letters dated Sept. 4 to customers whose information was accessed in the breach, according to documents filed with California’s Office of the Attorney General and South Carolina’s Department of Consumer Affairs. Avis discovered the intrusion on Aug. 5 and determined that intruder access happened between Aug. 3 and Aug. 6.

“After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities,” according to the letter to customers. BleepingComputer first reported about the letters on Friday.

[RELATED: 10 Major Cyberattacks And Data Breaches In 2024 (So Far)]

Avis Hack

The letter continued: “Since the incident occurred, we have worked with cybersecurity experts to develop a plan to enhance security protections for the impacted business application. In addition, we have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same.”

CRN has reached to Avis for comment. It was not immediately clear how many customers were affected.

The company advised customers “to remain vigilant against threats of identity theft or fraud … by regularly reviewing and monitoring your account statements and credit history for any signs of unauthorized transactions or activity.”

Avis is also offering complimentary one-year memberships to Equifax. “We sincerely apologize this incident occurred,” according to the customer letter.

Other major breaches this year include hackers breaking into Change Healthcare IT systems in February using stolen credentials and a breach of Ticketmaster in the spring.