U-Haul confirms data breach, customer driving licences exposed

Image Credit: Shutterstock (Image credit: Shutterstock)

American moving and storage rental company U-Haul has suffered a data breach in which certain sensitive customer data was stolen, the company has confirmed.

In an announcement sent out to affected customers,U-Haul said that an unidentified threat actor managed to compromise two “unique passwords” and gain access to its contract search tool.

"The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts," U-Haul said in the announcement, although it didn't say how many customers were affected.

Payment data safe

Through the use of the tool, the attackers managed to steal certain personally identifiable information: "After an in-depth analysis, our investigation determined on September 7, 2022, the accessed information includes your name and driver's license or state identification number," the announcement reads.

U-Haul discovered the incident in mid-July 2022, and after a few weeks of investigations, found that the attackers accessed some customers’ rental contracts, signed between early November 2021, and early April 2022.

The company did not go into detail on how these accounts got compromised, and whether or not the attackers used malware or viruses, but it did say that the passwords used to break into the system were changed in the aftermath of the breach, to limit the attack’s blast radius. Furthermore, the company confirmed that no payment data was taken, given that the compromised tool didn’t have access to such data in the first place.

"None of our financial, payment processing, or U-Haul email systems were involved; the access was limited to the customer contract search tool,” the company concluded.

> Samsung’s data breach is why you shouldn’t have to sign in to smart TVs

> Top data breaches and cyber attacks of 2022

> Remove viruses and ransomware with the best malware protection services around

To mitigate the damages, U-Haul will provide affected customers with free identity theft protection services through Equifax, for 12 months. That way, customers will be able to track, more easily, if someone tries to abuse their identity online.

U-Haul is a major moving and storage rental company. According to BleepingComputer, it has a network of more than 23,000 locations in the U.S. and Canada, and operates a fleet of some 186,000 trucks, 128,000 trailers, and 46,000 towing devices. All of this, it was said, makes it the third largest self-storage operator in North America.

These are the best firewalls right now

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.