The Information Highway

The Information Highway

Font size: +
2 minutes reading time (367 words)

U-Haul says hacker accessed customer records using stolen creds

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations.

The breach exposed customer records that include personal information but payment details have not been impacted.

U-Haul is an American company that rents moving equipment and storage space for 'do-it-yourself' customer needs. It offers trucks, trailers, and other equipment and services for moving household goods. 

The firm has been operational since 1945, has a staff of 19,500, and has an annual revenue of over $4.5 billion.

Yesterday, U-Haul began emailing customers whose data was accessed without authorization in the cyberattack. 

"U-Haul learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records," 

by U-Haul

"The investigation identified specific customer records that were accessed, including one of your records," the company says in the notification to customers.

The data types that have been exposed in these customer records include full names, dates of birth, and driver's license numbers.

U-Haul clarified that the breached system is not part of their payment system, so hackers could not access payment card data.

The company says it has reset passwords for all affected accounts as a precaution and implemented additional security safeguards and controls to prevent similar incidents from occurring in the future.

Recipients of the data breach notification will receive a one-year identity theft protection service with instructions on how to enroll enclosed in the letters.

U-Haul has not determined how many customers have been exposed in this case.

has contacted U-Haul to learn more about the data breach and its scope of impact, but a comment wasn't immediately available. Also, the company's website was offline at the time of writing this.

In September 2022, U-Haul disclosed another data breach, saying that attackers had accessed customer rental contracts between November 2021 and April 2022.

In that case too, the hackers used two compromised account credentials to access U-Haul's internal portal.

Update 2/23 - A U-Haul spokesperson explained that the data breach impacts 67,000 customers from the U.S. and Canada.

Google Pay app shutting down in US, users have til...
Microsoft has started testing Wi-Fi 7 support in W...
 

Comments

No comments made yet. Be the first to submit a comment
Tuesday, 05 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023