The notice appeared in the mail, nestled between utility bills and grocery flyers, exactly like the kind of envelope that most people put away and forget. Many Avis customers first discovered that their phone numbers, birth dates, credit card numbers, and driver’s license numbers had already been shared in an unseen location.
The actual breach occurred quickly; during a four-day period between August 3 and August 6, 2024, an unauthorized party surreptitiously accessed one of Avis’s business applications and took nearly 300,000 people’s personal information. It wasn’t until September 4 that Avis spoke in public. Some of that data had already appeared on the dark web by then, according to the lawsuit that followed.
| Avis Data Security Incident — Key Information | Details |
|---|---|
| Company Involved | Avis Rent A Car System, LLC (and Avis Budget Group Inc.) |
| Type of Incident | Data breach / unauthorized third-party access |
| Dates of Breach | August 3, 2024 – August 6, 2024 |
| Public Disclosure Date | September 4, 2024 |
| People Affected | Approximately 299,006 U.S. residents |
| Data Exposed | Names, driver’s license numbers, credit card numbers and expiration dates, birth dates, phone numbers |
| Case Name | In re: Avis Rent A Car System, LLC Security Incident Litigation |
| Case Number | 2:24-cv-09243 |
| Court | U.S. District Court for the District of New Jersey |
| Settlement Amount | Roughly $1.02 million |
| Max Individual Payout | Up to $5,000 for documented out-of-pocket losses |
| Claim Deadline | June 21, 2026 |
| Exclusion/Objection Deadline | May 22, 2026 |
| Final Approval Hearing | July 28, 2026 |
| Claims Administrator Address | 1650 Arch Street, Suite 2210, Philadelphia, PA 19103 |
By corporate standards, the settlement that is currently available for claims is not very large. Approximately $1.02 million, which includes the lead plaintiff’s service award, administrative expenses, legal fees, and approximately 299,000 impacted customers. When you divide that figure, it begins to seem tiny.
However, the structure is more intriguing than the sum. Members of the class are eligible to receive up to $5,000 each if they can provide proof of actual financial harm, such as fraudulent charges, credit monitoring fees, the cost of freezing and unfreezing credit reports, and time lost tracking down a stolen identity. A pro rata cash payment is taken from what’s left over after the documented claims are paid for those who don’t have receipts. Paperwork is rewarded by this type of math.
For what it’s worth, Avis disputes any misconduct. The language used in these agreements is standard, and it should be interpreted as a legal posture rather than an admission of confidence, as lawyers do. A more direct argument was made in the initial complaint, which was filed in September 2024 by a man from New Jersey named Jason Shay.
He claimed that a company that was in possession of this highly sensitive customer data had an obligation to protect it but failed to do so. An odd amount of data is gathered by rental car companies; you give them your license, your card, sometimes a second card, and occasionally your passport. After the clerk returns the keys, most customers don’t consider what happens to that data.
Observing these breach settlements pass through the courts one after another gives the impression that the figures are beginning to become meaningless. A few dollars per person after the attorneys are compensated, a million dollars here, three hundred thousand there. A select group received $300 from the home security settlement that was reached that same week.
The pizza chain fee case is still pending. Since a driver’s license number never expires once it is issued, it is difficult to ignore the fact that the compensation rarely equals the stakes. A birthdate doesn’t either. It is possible to reissue credit cards. People are followed by those other things.
Beyond the particular data points, the Avis hack revealed how thin the line has become between a routine transaction and a lifetime of low-grade vigilance. In short, Shay’s grievance is that he will have to keep an eye on his accounts for the rest of his life. Really, that isn’t dramatic language. It’s simply the new math of being a consumer everywhere.
Affected clients can mail the form to the claims administrator in Philadelphia or submit it online at the settlement website. June 21, 2026 is the deadline. On July 28, a judge will hold the final approval hearing to determine whether any of this truly becomes real money. The data has already been lost, regardless of whether the settlement is accepted. It was decided in August, two summers ago, in a four-day period that most people were unaware of.
Disclaimer
Nothing published on Creative Learning Guild — including news articles, legal news, lawsuit summaries, settlement guides, legal analysis, financial commentary, expert opinion, educational content, or any other material — constitutes legal advice, financial advice, investment advice, or professional counsel of any kind. All content on this website is provided strictly for informational, educational, and news reporting purposes only. Consult your legal or financial advisor before taking any step.
