Nearly 300,000 Avis customers have until June 27 to file a claim in a class action settlement tied to a 2024 data breach that exposed driver’s license numbers, payment card details, and other sensitive personal information. After that date, the window closes and eligible customers who have not filed will likely receive nothing.
The breach occurred between August 3 and August 6, 2024, when an unauthorized party gained access to one of Avis’s business applications and extracted customer records. Avis began sending notification letters to affected individuals in September and October 2024 and reported the incident to attorneys general in multiple states as required by state breach notification laws.
What was exposed and why it matters
According to the consumer notification filed with the Maine Attorney General’s office, the compromised data included names, addresses, driver’s license numbers, and financial account information. The Maine AG’s breach log puts the number of affected individuals at approximately 299,006 nationwide. The Commonwealth of Massachusetts also lists the incident in its 2024 data breach report, confirming that payment card data was among the records accessed.
That combination is especially dangerous. A stolen driver’s license number can be used to open fraudulent accounts, rent vehicles under someone else’s identity, or forge identification documents. Payment card data enables unauthorized purchases and can trigger months of disputes with banks. When criminals hold both a government-issued ID number and financial credentials for the same person, they can cross-reference those details to defeat security checks that rely on matching personal identifiers to payment records.
What the settlement includes
The consolidated class action, In re Avis Budget Group, Inc. Data Security Breach Litigation, was filed in the U.S. District Court for the District of New Jersey. A settlement has been reached in which Avis has not admitted wrongdoing, which is standard in class action settlements of this type.
Under the terms, eligible class members can seek reimbursement for documented out-of-pocket losses connected to the breach. That includes costs for credit monitoring services purchased after the breach, bank fees triggered by unauthorized transactions, and time spent resolving fraud. The settlement also provides class members who file valid claims with credit monitoring through Experian for a period of two years.
Specific payment amounts depend on how many people submit claims and the type of losses each claimant documents. As with most data breach settlements, individual payouts vary. Claimants who can provide receipts, bank statements, or other proof of breach-related expenses are in the strongest position to receive higher reimbursements.
To be eligible, you generally need to have received a breach notification letter from Avis or the settlement administrator. That letter contains a unique claim number and instructions for filing online or by mail.
How to file before the June 27 deadline
If you still have your notification letter, start there. It includes your claim number, the web address for the settlement claims portal, and a toll-free number for questions. Follow the instructions to submit your claim and upload supporting documents, such as bank statements showing fraudulent charges or receipts for credit monitoring you purchased after learning about the breach.
Do not wait until June 27 to submit. Claims portals often experience heavy traffic near deadlines, and technical problems on the final day will not automatically earn you an extension.
If you believe your data was part of the breach but never received a letter, or if you moved and the letter went to a previous address, contact the settlement administrator directly. You can also reach Avis customer service and ask whether your name appears on the list of affected individuals. Court filings and public notices about the case typically reference the settlement website where you can check your eligibility.
How the exposed data can be used against you after June 27
The June 27 deadline applies only to the settlement claim. The risks from exposed personal data do not come with an expiration date.
Pull your credit reports from all three major bureaus (Equifax, Experian, and TransUnion) through AnnualCreditReport.com, the federally authorized source for free reports. Look for accounts you do not recognize, hard inquiries you did not authorize, or address changes you did not make.
Place a free credit freeze with each bureau. A freeze blocks new accounts from being opened in your name without your explicit approval, does not affect your credit score, and can be lifted temporarily whenever you need to apply for credit.
Review your bank and credit card statements for unfamiliar charges, including small ones. Fraudsters frequently test stolen card data with minor transactions before attempting larger purchases. Report anything suspicious to your financial institution immediately.
If your driver’s license number was compromised, contact your state’s Department of Motor Vehicles about issuing a replacement with a new number. Policies vary, but some states will reissue a license when you can show your number was exposed in a confirmed breach.
Warren Cohen is a finance writer based in Phoenix, Arizona, covering personal finance topics including credit, banking, and beginner investing. He earned his degree in business administration from Arizona State University and began his career working in consumer finance, where he gained direct experience with lending and credit systems. He now writes for personal finance websites and fintech platforms, focusing on clear, practical content that helps readers make informed financial decisions.
