Connect with us

Hi, what are you looking for?

Internet Security

U-Haul says hacker accessed customer records using stolen creds

U-Haul says hacker accessed customer records using stolen creds


U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations.

The breach exposed customer records that include personal information but payment details have not been impacted.


U-Haul is an American company that rents moving equipment and storage space for ‘do-it-yourself’ customer needs. It offers trucks, trailers, and other equipment and services for moving household goods.

The firm has been operational since 1945, has a staff of 19,500, and has an annual revenue of over $4.5 billion.

Yesterday, U-Haul began emailing customers whose data was accessed without authorization in the cyberattack.

“U-Haul learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records,” – U-Haul

“The investigation identified specific customer records that were accessed, including one of your records,” the company says in the notification to customers.

The data types that have been exposed in these customer records include full names, dates of birth, and driver’s license numbers.

U-Haul clarified that the breached system is not part of their payment system, so hackers could not access payment card data.

The company says it has reset passwords for all affected accounts as a precaution and implemented additional security safeguards and controls to prevent similar incidents from occurring in the future.

Recipients of the data breach notification will receive a one-year identity theft protection service with instructions on how to enroll enclosed in the letters.

U-Haul has not determined how many customers have been exposed in this case.

BleepingComputer has contacted U-Haul to learn more about the data breach and its scope of impact, but a comment wasn’t immediately available. Also, the company’s website was offline at the time of writing this.

In September 2022, U-Haul disclosed another data breach, saying that attackers had accessed customer rental contracts between November 2021 and April 2022.

In that case too, the hackers used two compromised account credentials to access U-Haul’s internal portal.

Update 2/23 – A U-Haul spokesperson told BleepingComputer that the data breach impacts 67,000 customers from the U.S. and Canada.



The article was first published here

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

iPhone

10:29 a.m. ET, February 22, 2024 AT&T recently applied for a waiver to allow it to stop servicing traditional landlines in California From CNN’s...

Entertainmment

Everyone in Kyle Hausmann-Stokes’ compassionate feature My Dead Friend Zoe has suffered a loss. Merit (Sonequa Martin-Green), a nervous Afghanistan war veteran, is reeling...

Gaming

Video: Bandai Namco Reveals New Gameplay Footage Of Dragon Ball Z: Kakarot DLC 6  Nintendo Life Dragon Ball Z: Kakarot DLC Trailer Previews Goku’s Next...

Computing

Using 3D storage techniques, scientists at the University of Shanghai for Science and Technology developed an optical disk capable of accommodating 1.6 petabits of...