Avis Rent-A-Car has sent notices to state Attorney General’s offices of a customer data breach affecting the private and personal information of nearly 300,000 customers nationwide.

Avis discovered that “an unauthorized third party gained access to one of our business applications,” according to a notice filed with the Office of California Attorney General Rob Bonta, and similar notices filed to Attorney General offices in Texas, Maine, and Iowa.

The party accessed the information of 299,006 customers between Aug. 3 and 5, according to the Iowa filing. Among the personal customer information that hackers could have obtained on each customer: Name, mailing address, email address, phone number, date of birth, credit card number with expiration date, and driver’s license number, according to the Iowa AG filing.

Avis started sending individual notifications via U.S postal mail to customers on Sept. 5 and is offering individuals one year of complimentary credit monitoring service, including identity detection and resolution of identity theft.

“Since the incident occurred, Avis has worked with cybersecurity experts to develop a plan to enhance security protections for the impacted business application,” the notice stated. “In addition, Avis has taken steps to deploy and implement additional safeguards onto its systems and is actively reviewing its security monitoring and controls to enhance and fortify the same.”

Avis has not offered further details about the suspects, location, or circumstances surrounding the data breach. Avis Rent a Car System LLC is based in Parsippany, New Jersey and has about 5,500 locations in more than 165 countries.

Schubert Jonckheer & Kolbe LLP, a San Francisco-based law firm that represents shareholders, employees, and consumers in class actions, sent out a news release Sept. 9 claiming the data breach affected 400,000 customers.