U-Haul admits thousands of customers had data stolen in breach
Unnamed hackers stole login credentials and accessed U-Haul company system
U-Haul has confirmed it suffered a data breach which resulted in sensitive customer data being stolen.
The company confirmed the news via breach notification emails being sent to affected victims noting the incident happened on December 5, after an unnamed threat actor managed to steal login credentials for the U-Haul Dealer and Team Member system.
This system, the company further explained, is used to track reservations and view customer records.
No payment data
With the help of the login information, the attackers accessed the systems, where they managed to locate and exfiltrate sensitive data belonging to roughly 67,000 customers in both the United States, and Canada.
The data that was stolen included people’s full names, dates of birth, and driver license numbers, but payment data was not affected.
"The customer record system that was involved is not part of our payment system," the company said in its letter. "No payment card data was involved."
So far, U-Haul is not sharing additional details about the breach. Therefore, we don’t know if this was just data theft, or perhaps ransomware. We also don’t know if the attackers tried to extort the company for the data, or how the attackers stole the login credentials used to access the system - whether it was via an infostealer or phishing attack.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Going forward, U-Haul said it has made changes to tighten up on security and make sure such incidents never happen again, such as new passwords for all compromised accounts.
Finally, U-Haul will offer all affected customers a free one-year membership with Experian, to monitor and protect their digital identities.
Via The Register
More from TechRadar Pro
- One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.