Sixt Rent-a-Car, LLC Reports Data Breach That Appears to Have Affected Employees, Their Dependents, and Possibly Customers

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

In recent data breach news, Sixt Rent-a-Car, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on the network. Based on the available information, it appears as though the incident affected employees, their dependents, and possibly customers. According to the Sixt, the breach resulted in the following data types being compromised: names, Social Security numbers, driver’s license numbers, state identification card numbers, passport numbers (or other government-issued identification numbers), financial account numbers used for direct deposit, health insurance numbers, health information, and dates of birth. On July 6, 2022, Sixt filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Sixt SE data breach, please see our recent piece on the topic here.

More on the Sixt SE Data Breach

According to an official notice filed by the company, on April 29, 2022, Sixt SE detected “irregularities” within its network. In response, Sixt implemented the data security protocol it had in place and reports to have quickly shut down unauthorized access. However, a subsequent investigation by the company confirmed that the incident was a targeted cyberattack and that the unauthorized party was able to access employee information in the possession of Sixt.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Sixt SE then reviewed the affected files to determine exactly what information was compromised. While the breached information varies depending on the individual, it may include the following data types:

  • Names,

  • Social Security numbers,

  • Driver’s license numbers,

  • State identification card numbers,

  • Passport numbers (or other government-issued identification numbers),

  • Financial account numbers used for direct deposit,

  • Health insurance numbers,

  • Health information, and

  • Dates of birth.

On July 6, 2022, Sixt SE sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Sixt Rent-a-Car, LLC is a rental car company based in Pullach, Germany. Sixt Rent-a-Car, LLC is operated by its parent company, Sixt SE. The company was founded in 1912 but only more recently began serving customers in the United States. As of 2021, the Sixt maintained a fleet of 245,000 vehicles. In addition to rental cars, the company also operates other related businesses, including Sixt share (car sharing), Sixt ride (ridesharing), and Sixt + (car subscription service). Sixt SE employs more than 7,000 people and generates approximately $2 billion in annual revenue.

Can Employees Hold Employers Liable for Data Breaches Affecting Their Information?

Yes, employees may be able to hold their employers liable through a data breach class action lawsuit following a data breach affecting their information. However, just because a data breach occurred does not necessarily mean that an employer was at fault or that they will be held financially responsible. As a general rule, employees must prove both that their employer was negligent and that they suffered harm as a result of the incident.

As is the case with most cases falling under the umbrella of negligence, proving a data breach claim requires employees to prove, 1.) the company owed them a duty of care, 2.) the company violated the duty owed to employees, and 3.) the company’s breach of this duty caused or contributed to the data breach.

While it may seem as though proving employer negligence in the wake of a data breach lawsuit is straightforward, that is not necessarily the case. Of course, all employers owe a duty to keep employees’ personal, financial and healthcare-related information safe. However, whether a company violated that duty is often disputed. Additionally, the “causation” element of the claim is often contested, as employers often place blame for a breach on the third party who orchestrated the attack.

However, just because a criminal actor carried out the attack doesn’t mean that an employer is immune from liability. Employers have a legal duty to implement adequate data security systems to protect employee data. And whether an employer’s data-security measures are sufficient can be called into question.

When it comes to establishing the “damages” element of a data breach lawsuit, the most common types of damages relate to identity theft and other frauds committed against victims. However, courts have recently begun allowing data breach victims to proceed with a case even if they have not yet fallen victim to identity theft or fraud to recover damages. These courts have held that the increased risk of identity theft in the future is sufficient to recover damages.

Victims of a data breach involving their employer should reach out to a dedicated data breach lawyer for assistance.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide