U-Haul data breach exposed customer driver licenses


American moving and storage company U-Haul discloses a breach that exposed personal customer data.

The company noticed the intrusion when it discovered two unique passwords were compromised and used to access a customer contract search tool. It’s not clear how threat actors got a hold of the credentials.

“Upon identifying the compromised passwords, we promptly changed the passwords to prevent any further unauthorized access and started an investigation. Cybersecurity experts were engaged to identify the contracts and customers that were involved,” reads the company’s statement.

ADVERTISEMENT

The breach was identified on 12 July 2022, and later investigation showed that threat actors accessed customer contracts between November 2021 and April 2022.

“[…] some customer data was accessed by an unauthorized individual. We are providing notice to affected customers. The type of information that was involved includes names, dates of birth and driver’s license numbers,” the company said.

U-Haul said that no financial, payment processing or internal email systems were breached, and unauthorized access was limited only to the customer contract search tool. The company said that customers whose data was compromised would receive a notice from U-Haul.

U-Haul is one of the biggest companies in the industry, employing over 19,000 people across the US. The company boasts a fleet of more than 186,000 trucks, 128,000 trailers, and 46,000 towing devices across 21,000 locations in the US and Canada.