Avis did not disclose the nature of the cyberattack and details of the incident remain scarce. An Avis spokesperson did not respond to an email requesting comment about the cyberattack.

In a data breach notice filed late last week with Iowa’s attorney general, the car rental company said that the stolen information includes customer names, mailing addresses, email addresses, phone numbers, their date of birth, credit card numbers and expiration dates, and driver’s license numbers. It’s not yet known why Avis stored this sensitive customer information in a way that allowed it to be compromised.