Avis Facing Class Action Lawsuit in Wake of August 2024 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Avis Rent A Car System, LLC faces a proposed class action that claims the rental car company failed to adequately safeguard the private information of more than 300,000 customers during an August 2024 data breach.

Get the latest open class action lawsuits sent to your inbox. Sign up for ClassAction.org’s free weekly newsletter.

According to the 41-page Avis data breach lawsuit, customers’ names, driver’s license numbers, dates of birth, phone numbers, credit card numbers and expiration dates were compromised when an unauthorized third party gained access to one of the company’s business applications between August 3 and August 6, 2024. Avis claims to have discovered the intrusion on August 5, the case says.

The filing alleges the incident stemmed directly from Avis’s failure to implement and follow “basic” cybersecurity procedures—conduct that the suit argues is particularly negligent since cyberattacks have become a foreseeable, notorious threat to companies that store private information.

The complaint contends that affected customers, who reportedly received notice of the data breach around September 4, 2024, are now at a “substantially increased and certainly impending” risk of identity theft, fraud and other crimes.

“Mitigating that risk—to the extent it is even possible to do so—requires individuals to devote significant time and money to closely monitor their credit, financial accounts, health records, and email accounts, and to take a number of additional prophylactic measures,” the data breach lawsuit says.

Per the suit, Avis failed to comply with Federal Trade Commission guidelines, industry standards and its own privacy policy representations regarding data security. The plaintiff, a Texas resident who has used Avis’s services to rent a car, contends that Avis has shown itself to be “wholly incapable” of securing his private data.

“As a direct and proximate result of Avis’s inadequate data security, and its breach of its duty to handle [personally identifiable information] with reasonable care, Plaintiff’s [personally identifiable information] has been accessed by hackers, posted on the dark web, and exposed to an untold number of unauthorized individuals,” the class action lawsuit reads.

The Avis lawsuit looks to represent anyone in the United States whose personal and/or financial information was exposed to unauthorized third parties as a result of the data breach experienced by the defendant, including all who received notice of the incident.

Check out ClassAction.org’s lawsuit list for the latest open class action lawsuits and investigations.