Rental Car Co. Sixt Facing Class Action Over 2022 Data Breach
Estevez v. Sixt Rent a Car, LLC
Filed: August 12, 2022 ◆§ 0:22-cv-61507
Sixt Rent a Car faces a class action in the wake of a cyberattack that reportedly compromised the sensitive personal information of thousands of current and former employees.
Sixt Rent a Car faces a proposed class action in the wake of a cyberattack earlier this year that reportedly compromised the sensitive personal information of thousands of current and former employees.
The 39-page complaint says that the incident occurred between April 27 and May 1, 2022, yet Sixt did not discover that personal information was compromised until June 2. The suit alleges the car rental giant, which has more than 30 locations nationwide, stored the sensitive employee data “in a reckless manner,” leaving it vulnerable to cyberattacks.
Information compromised in the Sixt data breach, which media reports say disrupted the company’s global operations, includes at least current and former employees’ full names and some combination of their dates of birth; health-related information; and Social Security, driver’s license, state identification, passport, financial account and health insurance numbers, the lawsuit relays.
After discovering the breach, Sixt then waited until July 6, roughly two months after the incident occurred, to begin notifying victims whose information may have been affected, the case says. In its notice, Sixt said that it “identified unusual network activity” sometime after May 1, and that there was evidence that “unauthorized activity” occurred on the company network.
The filing contends that Sixt cyberattack victims may have been able to mitigate the effects of the incident had the company properly monitored and cared for the sensitive information in its custody. As a result of the cyberattack and Sixt’s handling of it, victims will need to expend time and money to catch unauthorized and fraudulent charges; change their usernames and passwords; investigate, correct and resolve unauthorized debits and deal with any other fallout from the capture of their sensitive data, the suit relays.
According to the complaint, Sixt failed to comply with Federal Trade Commission guidelines that stress the importance of businesses implementing reasonable cybersecurity practices. Among other things, these guidelines advise that companies should dispose of personal information that is no longer needed, encrypt data stored on computer networks, understand the network’s vulnerabilities and implement procedures to correct any security problems, the filing states.
The lawsuit looks to cover all persons whose private information was compromised as a result of the Sixt Rent a Car cyberattack.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.