U-Haul Reports 67K Customers Impacted by Data Breach
In the notice letter sent out to affected individuals, U-Haul notes that credit card information was not accessed in the breach.
U-Haul — a truck, trailer, and self-storage rental company based in Arizona — has begun notifying 67,000 customers of a data breach late last year that compromised their personal information.
The breach occurred on Dec. 5 when an unauthorized actor somehow used legitimate credentials to access a system used by U-Haul dealers and team members to track customer reservations and view customer records.
Once U-Haul discovered the incident, it initiated its response protocol and launched an investigation of the breach alongside a cybersecurity firm. The investigation showed that certain customer records were accessed in the breach, including name and driver license information of 136 individuals residing in Maine.
In a notice letter to affected individuals, U-Haul noted that the customer record system involved in the breach is not connected to the payment system, therefore no card data was accessed by the threat actors. However, this kind of breach is not the first of its kind for the rental company.
"U-Haul is back again, having had a similar breach in 2022, with more stolen credential issues," stated Luciano Allegro, CMO at BforeAI, a predictive security company based in France. "It looks like U-Haul should strongly consider the implementation of mandatory multifactor authentication associated with all of their accounts to make it harder for attackers to steal credentials or conduct successful credential-stuffing attacks."
U-Haul is offering a complimentary one-year membership to Experian IdentityWorks to those affected but urges its customers to remain vigilant for fraud or identity theft by reviewing their own records.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024