Rental Car Co. Sixt Facing Class Action Over 2022 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Sixt Rent a Car faces a proposed class action in the wake of a cyberattack earlier this year that reportedly compromised the sensitive personal information of thousands of current and former employees. 

The 39-page complaint says that the incident occurred between April 27 and May 1, 2022, yet Sixt did not discover that personal information was compromised until June 2. The suit alleges the car rental giant, which has more than 30 locations nationwide, stored the sensitive employee data “in a reckless manner,” leaving it vulnerable to cyberattacks. 

Information compromised in the Sixt data breach, which media reports say disrupted the company’s global operations, includes at least current and former employees’ full names and some combination of their dates of birth; health-related information; and Social Security, driver’s license, state identification, passport, financial account and health insurance numbers, the lawsuit relays. 

After discovering the breach, Sixt then waited until July 6, roughly two months after the incident occurred, to begin notifying victims whose information may have been affected, the case says. In its notice, Sixt said that it “identified unusual network activity” sometime after May 1, and that there was evidence that “unauthorized activity” occurred on the company network. 

The filing contends that Sixt cyberattack victims may have been able to mitigate the effects of the incident had the company properly monitored and cared for the sensitive information in its custody. As a result of the cyberattack and Sixt’s handling of it, victims will need to expend time and money to catch unauthorized and fraudulent charges; change their usernames and passwords; investigate, correct and resolve unauthorized debits and deal with any other fallout from the capture of their sensitive data, the suit relays.

According to the complaint, Sixt failed to comply with Federal Trade Commission guidelines that stress the importance of businesses implementing reasonable cybersecurity practices. Among other things, these guidelines advise that companies should dispose of personal information that is no longer needed, encrypt data stored on computer networks, understand the network’s vulnerabilities and implement procedures to correct any security problems, the filing states. 

The lawsuit looks to cover all persons whose private information was compromised as a result of the Sixt Rent a Car cyberattack. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.