U-Haul admits data breach

The international transport, haulage, and storage firm says it has suffered a cyberattack. The precise number of victims cannot be confirmed, though local media in the US put it in the tens of thousands.

Data accessed by the cyberattackers is said to include names, dates of birth, and driver’s license numbers. It’s not clear if the victims are just customers or also include employees of the firm, which is estimated to have well over 30,000 workers on its books.

While U-Haul did not disclose the precise number of victims, local media in Arizona, where the attack is believed to have taken place, estimate it to be around 67,000, which would mean the affected victims likely include customers as well.

U-Haul says it learned of the data breach on December 5th, though it did not inform the attorney general in Maine, which imposes unusually strict reporting requirements for data breaches affecting its residents, until February 22nd.

In a letter sent to potential victims, the company said: “Legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records.”

U-Haul says it has offered free credit monitoring and identity protection services to victims and engaged a cybersecurity firm to further investigate the matter.

It added: “The customer record system that was involved [in the data breach] is not part of our payment system. No payment card data was involved.”

Founded in 1945, U-Haul operates a fleet of 176,000 trucks, 127,000 trailers, and 41,000 towing devices and manages more than 66.7 million square feet of self-storage facilities across the US and Canada.

More from Cybernews:

Cybernews podcast: how algorithms curate and flatten our online lives

LockBit still shows signs of life, new ransom attacks reported

Cyberstalking and cyber harassment: knowing the laws and your rights

Bezos, Nvidia join OpenAI in funding humanoid robot startup

LockBit's admin engaged authorities - law enforcement

Subscribe to our newsletter