Rental Car Co. Sixt Facing Class Action Over 2022 Data Breach
Estevez v. Sixt Rent a Car, LLC
Filed: August 12, 2022 ◆§ 0:22-cv-61507
Sixt Rent a Car faces a class action in the wake of a cyberattack that reportedly compromised the sensitive personal information of thousands of current and former employees.
Sixt Rent a Car faces a proposed class action in the wake of a cyberattack earlier this year that reportedly compromised the sensitive personal information of thousands of current and former employees.
The 39-page complaint says that the incident occurred between April 27 and May 1, 2022, yet Sixt did not discover that personal information was compromised until June 2. The suit alleges the car rental giant, which has more than 30 locations nationwide, stored the sensitive employee data “in a reckless manner,” leaving it vulnerable to cyberattacks.
Information compromised in the Sixt data breach, which media reports say disrupted the company’s global operations, includes at least current and former employees’ full names and some combination of their dates of birth; health-related information; and Social Security, driver’s license, state identification, passport, financial account and health insurance numbers, the lawsuit relays.
After discovering the breach, Sixt then waited until July 6, roughly two months after the incident occurred, to begin notifying victims whose information may have been affected, the case says. In its notice, Sixt said that it “identified unusual network activity” sometime after May 1, and that there was evidence that “unauthorized activity” occurred on the company network.
The filing contends that Sixt cyberattack victims may have been able to mitigate the effects of the incident had the company properly monitored and cared for the sensitive information in its custody. As a result of the cyberattack and Sixt’s handling of it, victims will need to expend time and money to catch unauthorized and fraudulent charges; change their usernames and passwords; investigate, correct and resolve unauthorized debits and deal with any other fallout from the capture of their sensitive data, the suit relays.
According to the complaint, Sixt failed to comply with Federal Trade Commission guidelines that stress the importance of businesses implementing reasonable cybersecurity practices. Among other things, these guidelines advise that companies should dispose of personal information that is no longer needed, encrypt data stored on computer networks, understand the network’s vulnerabilities and implement procedures to correct any security problems, the filing states.
The lawsuit looks to cover all persons whose private information was compromised as a result of the Sixt Rent a Car cyberattack.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.