Someone gained unauthorized access to Avis Rent A Car’s systems in early August 2024 and spent about four days going through files that contained nearly 300,000 customers’ private information. names. numbers on driver’s licenses. Expiration dates and credit card numbers. dates of birth. phone numbers. Customers had trusted one of the most well-known car rental companies in the world to protect their data, and by the time it was over, the breach had lasted from August 3 to August 6.
The ensuing class action lawsuits were eventually combined into a single case that was submitted to the U.S. District Court for the District of New Jersey. Avis agreed to pay $1,025,000 to resolve the claims, but it has not acknowledged any wrongdoing. On January 20, 2026, the court issued preliminary approval. AvisDataSecuritySettlement.com, the official settlement website, is operational. The claim deadline is June 21, 2026.
Although the settlement is smaller than some of the recent high-profile data breach settlements, such as Comcast’s $117.5 million agreement for 31 million customers or Equifax’s historic $700 million deal, it covers a more specific demographic. There are about 299,006 people in the settlement class, so you shouldn’t be wondering if you might be eligible. You’re probably in the class if you used Avis to rent a car and got a breach notification.
IMPORTANT INFORMATION TABLE — AVIS DATA BREACH SETTLEMENT
| Category | Details |
|---|---|
| Case Name | In re: Avis Rent A Car System, LLC Security Incident Litigation |
| Case Number | 2:24-cv-09243 |
| Court | U.S. District Court for the District of New Jersey |
| Defendant | Avis Rent A Car System, LLC |
| Settlement Amount | $1,025,000 |
| Preliminary Court Approval | January 20, 2026 |
| Breach Period | August 3–6, 2024 (approximately 4 days) |
| Data Compromised | Names, driver’s license numbers, credit card numbers and expiration dates, dates of birth, phone numbers |
| Estimated Affected Customers | ~299,006 U.S. residents |
| Eligibility | U.S. residents whose private information was compromised in the August 2024 Avis data breach |
| Maximum Documented Loss Claim | Up to $5,000 (with proof: invoices, receipts, bank statements) |
| Reimbursable Losses | Fraud, identity theft, credit monitoring, professional fees, postage, bank fees |
| Equal-Share Cash Payment | Available to all class members with no proof required (pro rata from settlement fund) |
| Claim Deadline | June 21, 2026 (online submission or postmarked) |
| Exclusion/Objection Deadline | May 22, 2026 |
| Final Approval Hearing | July 28, 2026 |
| Settlement Website | AvisDataSecuritySettlement.com |
| Claims Administrator | Avis Data Security Incident Litigation, c/o Claims Administrator, 1650 Arch Street, Suite 2210, Philadelphia, PA 19103 |
| Phone | 888-818-4234 |
| Additional Settlement Commitment | Avis agreed to implement cybersecurity improvements as part of the settlement |
The settlement can be advantageous in two ways. Class members may apply for reimbursement up to $5,000 if they can prove out-of-pocket losses related to the breach, such as expenses for identity theft, fraud, credit monitoring, credit report freezes, professional fees, postage, and similar costs incurred between August 3, 2024, and the claim deadline. Invoices, bank statements, and receipts are examples of tangible proof that must be submitted. The kind of paper trail that can significantly impact what they recover but that most people don’t think to keep. Class members can still submit a claim for a pro rata cash payment from what’s left in the settlement fund after documented claims and legal fees are paid, even if they don’t have any documented losses or just don’t want to collect that documentation. That option only requires a valid claim form that was submitted prior to the deadline; no proof is needed.
A useful point to note is that there are approximately 299,000 eligible class members and a total settlement fund of $1,025,000. The individual amounts will be small if a significant portion of those individuals submit the no-documentation cash payment claim. Those who file might get more if comparatively few people do. Every pro rata class action settlement has this basic dynamic: the amount paid depends in part on the number of people who actually take the time to file, which is typically a small percentage of those who qualify. Those who are aware of this are more likely to file; those who are not are more likely to miss the deadline.
When considering the Avis hack in its entirety, it seems like four days is a long time for an unauthorized actor to have access to a database that holds nearly 300,000 people’s credit card and driver’s license information. A person with your address, date of birth, credit card number, and license number has the majority of the information they need to cause major financial difficulties. This type of data makes identity theft a real problem rather than a theoretical one. It is currently challenging to confirm from the outside whether any particular individuals were actually misused as a result of the breach. The settlement provides a way to compensate individuals who were harmed as well as an indirect acknowledgement that the incident happened and that consumers should be compensated for having their data compromised.
Avis has also agreed to make changes to its cybersecurity systems as part of the settlement. While most data breach settlements include this commitment as a forward-looking clause, the actual significance of these commitments varies depending on the company and implementation. As is typical with this type of settlement, the agreement does not specify the precise nature of the changes.
A unique ID and PIN from the settlement notice that qualified clients received by mail or email are used in the claim filing process. Members of the class who possess that information are able to file directly on the settlement website. Individuals have until May 22, 2026, to choose not to participate in the settlement and maintain their ability to take Avis to court. Payments to class members won’t start until the final approval hearing is held on July 28, 2026, and any appeals have been settled.
The date to keep in mind is June 21. The information collected in August 2024 belongs to actual people with actual exposure, the settlement is legitimate, and the procedure is simple. It takes a few minutes to file. Nothing is accomplished by not filing.
