U-Haul has begun notifying potentially impacted customers after they identified a breach in their network. According to the company, an unknown attacker managed to compromise two unique passwords that were used to access the customer contract tool that allows access to rental contracts for U-Haul customers. U-Haul does not store payment data, so credit cards were not impacted in the breach. The attacker managed to steal data from contracts from November 2021 until April 2022. Data included renters’ names, driver’s license numbers, and state identification numbers.
Analyst Notes
Impacted customers could be at a higher risk for fraud or phishing attacks. It is important to stay vigilant moving forward after an incident like this. Any unauthorized activity noticed by affected parties should be reported to U-Haul as well as the appropriate law enforcement groups. Affected customers are being offered one year of credit monitoring to identify information misuse.
https://www.securityweek.com/u-haul-says-customer-data-accessed-using-compromised-credentials