Avis Data Security Settlement Covers Customers Affected by Rental Car Data Incident

If you rented a car from Avis between August 3-6, 2024, your personal information may have been exposed in a data breach affecting nearly 300,000 customers. A settlement has been approved to compensate those affected, with a non-reversionary fund of $3,075,000 available for eligible claimants. This means money that isn’t claimed doesn’t revert back to the company—it stays in the settlement fund to benefit those who do file. For example, if you were on a business trip and booked an Avis rental through your company’s account, your data could have been compromised, making you eligible for compensation even if you didn’t personally discover fraudulent charges. The settlement covers U.S.

residents whose sensitive data was stolen during a cyberattack on Avis Rent A Car System, LLC. The breach exposed names, addresses, driver’s license numbers, dates of birth, phone numbers, email addresses, credit card information, and bank account details. Affected customers can pursue two types of compensation: reimbursement of out-of-pocket losses up to $5,000 with documentation, or a pro rata payment from the remaining settlement fund regardless of documented losses. The key deadline to file your claim is June 21, 2026, after which you’ll forfeit your right to compensation from this settlement. The final court approval hearing is scheduled for July 28, and objection deadlines passed on May 22, so the settlement framework is largely locked in. Understanding your eligibility and the filing process is crucial, as many data breach settlements have surprisingly low claim rates—sometimes fewer than 10% of eligible victims file.

What Was the Avis Data Breach and When Did It Happen?
What Personal Data Was Exposed in the Avis Cybersecurity Incident?
Who Is Eligible for Compensation in the Avis Settlement?
What Are Your Compensation Options and How Much Can You Receive?
Key Filing Deadlines and What Happens If You Miss Them
How to File Your Claim: Step-by-Step Instructions
What Avis Is Doing to Prevent Future Data Breaches
Conclusion

What Was the Avis Data Breach and When Did It Happen?

On August 3-6, 2024, hackers gained unauthorized access to Avis Rent A Car System’s customer databases, extracting sensitive personal and payment information from approximately 299,006 customers. Avis discovered suspicious activity on August 5, 2024, immediately began investigating, and concluded their investigation by August 14. The company then began sending data breach notification letters on September 4, 2024—more than a month after the breach occurred.

This lag in notification is not unusual in major data breaches; companies often take weeks to investigate the full scope before notifying customers, but it also means many people were at risk during that window without knowing it. The breach targeted Avis’s customer-facing systems, specifically the rental reservation and customer account data. The attackers were sophisticated enough to maintain access for several days before being detected, indicating this wasn’t a simple opportunistic attack but a deliberate intrusion. Avis engaged cybersecurity experts to assess the attack and contacted law enforcement; the investigation by authorities remains ongoing.

What Was the Avis Data Breach and When Did It Happen?

What Personal Data Was Exposed in the Avis Cybersecurity Incident?

The compromised data includes a comprehensive collection of personally identifiable information and financial details. Stolen records contained customer names and residential addresses, making identity theft possible. Driver’s license numbers and full driver’s license information were exposed, which could be used to create fraudulent identification documents or open accounts in victims’ names. The breach also included dates of birth, phone numbers, and email addresses—information frequently used by fraudsters to bypass security verification questions or for phishing attacks.

Most critically, the breach exposed credit and debit card numbers along with expiration dates, as well as bank account information for customers who had saved their banking details in their Avis accounts. This level of financial data exposure creates immediate risk for fraudulent charges and unauthorized bank transfers. The combination of driver’s license numbers plus financial account information is particularly dangerous; a criminal with both could potentially open new accounts, take out loans, or make major purchases. This is why Avis offered one year of complimentary Equifax credit monitoring membership to affected customers—a standard but limited response that covers credit bureau monitoring but not real-time transaction monitoring on bank accounts.

Who Is Eligible for Compensation in the Avis Settlement?

Any U.S. resident whose personal information was included in the August 3-6, 2024 data breach from Avis Rent A Car System, LLC is eligible to file a claim. This includes customers who rented from Avis directly, as well as those who booked rentals through corporate accounts or travel agencies. Some settlements restrict claims to customers who suffered documented fraud, but this Avis settlement allows two separate claim types—one requiring proof of losses and one requiring no proof at all.

This is significantly more claimant-friendly than many settlements, which require documented evidence of fraud. To be eligible, you must have been a customer of Avis whose data was in their system during the breach window. You don’t need to have received a breach notification letter, though Avis sent these to approximately 299,006 people. If you made rental reservations during that period but don’t remember receiving a notification, you can still check the official settlement website to see if your email address is listed in the breach database. Keep in mind that some affected customers may not have received notices if their contact information was outdated or if postal mail was not delivered successfully.

Who Is Eligible for Compensation in the Avis Settlement?

What Are Your Compensation Options and How Much Can You Receive?

The Avis settlement offers two distinct compensation pathways. The first is reimbursement for documented out-of-pocket losses, up to a maximum of $5,000 per claimant. This covers actual losses incurred from August 3, 2024 through the claims deadline of June 21, 2026, including fraudulent charges, identity theft protection service costs, bank fees related to fraudulent transactions, and other unreimbursed losses directly caused by the breach. For example, if you paid $200 for identity theft protection services and had $400 in fraudulent charges on a credit card, you could claim $600 in documented losses.

The second option is a pro rata payment from the remaining fund balance, available to all claimants regardless of whether they can document losses. After attorneys’ fees (up to $1,025,000, or 33.33% of the settlement fund) and service awards to the ten representative plaintiffs ($2,500 each, totaling $25,000) are paid, the leftover settlement money is divided equally among all claimants who file a claim. If 50,000 people file claims, the remaining fund will be divided into 50,000 shares; if only 10,000 people file, each share is much larger. This is called a “fluid recovery” and incentivizes claiming even if you have no documented losses. The tradeoff is that many data breach claimants never file, so those who do typically receive more than they would if the fund were shared among all eligible victims.

Key Filing Deadlines and What Happens If You Miss Them

Your claim must be submitted online or postmarked by June 21, 2026—just over two weeks from the date of this article. This is not a flexible deadline; claims received after June 21 will not be accepted, and you’ll forfeit your right to any compensation from this settlement. Unlike some settlements that have extended deadlines or allow late claims under specific circumstances, data breach settlements typically enforce hard deadlines. If you’re planning to file, don’t assume you can submit your claim in early July; the deadline is final.

The timeline leading to that deadline includes the final court approval hearing on July 28, which means the settlement structure should be fully resolved by mid-summer. The earlier deadline to exclude yourself from the settlement or object to its terms was May 22, 2026—that date has passed. If you’re reading this after June 21, you’ve missed the opportunity to claim compensation from this particular settlement. This is a common experience in settlement administration; many eligible victims miss deadlines due to busy schedules, moving, or simply not seeing notifications, which is why settlement administrators often use multiple notification methods including direct mail, email, and published websites.

Key Filing Deadlines and What Happens If You Miss Them

How to File Your Claim: Step-by-Step Instructions

To file your claim, visit the official Avis Data Security Settlement website at avisdatasecuritysettlement.com. The site provides an online claims form that asks for your personal information to verify you’re an eligible victim, followed by either documentation of your losses (if claiming reimbursement) or simply confirmation that you want to participate in the pro rata distribution. If you’ve experienced identity theft, gather documentation such as receipts for identity theft protection services, screenshots or statements showing fraudulent charges, and any correspondence with your bank about disputed transactions.

You can also submit a claim by mailing a paper claim form (available on the settlement website) to the claims administrator, postmarked by June 21. The postal route takes longer and requires you to scan and mail documents, so online filing is recommended if you’re able. Include copies of your supporting documentation with your claim; originals are not necessary and shouldn’t be mailed. Processing times vary depending on claim volume and documentation review, but settlements of this size typically issue payments within 3-6 months after the final approval date.

What Avis Is Doing to Prevent Future Data Breaches

Avis did not admit wrongdoing but agreed to the settlement to resolve the litigation, which is standard language in data breach settlements. Beyond the financial settlement, Avis has committed to implementing security improvements to prevent similar breaches in the future, though the specific technical measures are not detailed in public settlement documents. The company engaged cybersecurity experts to assess the attack and its scope, helping identify vulnerabilities that were exploited.

The breach illustrates a broader pattern in the rental car industry and beyond: even large, established companies with security infrastructure can suffer significant data exposures if attackers are persistent and sophisticated enough. Avis’s response—offering free credit monitoring for one year—is standard but limited, as identity theft risks can extend far beyond 12 months. This settlement represents the legal accountability mechanism when prevention fails.

Conclusion

The Avis data breach settlement provides meaningful compensation for the nearly 300,000 customers affected by the August 2024 cyberattack. With a $3,075,000 settlement fund and flexible compensation options, eligible customers can either seek reimbursement for documented losses up to $5,000 or receive a share of the remaining fund with no documentation required. The settlement structure is favorable to claimants compared to many data breach settlements, but only if you actually file before the June 21, 2026 deadline.

Don’t delay in submitting your claim if you were an Avis customer during the breach window. Check the settlement website to verify your eligibility, gather any documentation of fraud or losses, and file your claim online well before the deadline. The settlement fund is significant, but your right to compensation disappears entirely if you miss the deadline, making this one situation where procrastination has real financial consequences.

Open Settlements You Can Claim Now

Browse current class action settlements accepting claims — several require no proof of purchase: