American Moving and storage giant U-Haul International (U-Haul) suffers a data breach.
This incident took place after a customer contract search tool was hacked to access data of customers’ names and driver’s license information.
According to a tersely worded regulatory filing on Friday, U-Haul detected a compromise of two unique passwords for accessing its contract search tool and took immediate steps to contain the incident.
The incident investigation started on July 12 after discovering the breach, the company found on August 1 that attackers accessed some customers’ rental contracts between November 5, 2021, and April 5, 2022.
Upon identifying the compromised passwords, U-Haul quickly enhanced security measures to prevent any further unauthorized access and cybersecurity experts were brought in to investigate the impact of the incident and implement additional security safeguards and controls to prevent further such incidents, the filing said.
While it didn’t explain how the credentials were compromised, the company changed them after the breach was detected to block additional malicious activity.
The investigation determined certain customer contracts, including names, dates of birth, and some customer driver’s license numbers were accessed using the compromised contract search tool.
No payment details accessed by Hackers
U-Haul said that no debit/credit card details were accessed or acquired during the incident because the compromised search tool does not provide payment card details to users.
“None of our financial, payment processing, or U-Haul email systems were involved; the access was limited to the customer contract search tool.”
U-Haul Offers free one-year identity theft protection services to affected customers through Equifax to help them detect when or if their personal information is misused.
U-Haul is taking steps to notify impacted customers, in addition to the appropriate governmental authorities.
“Security, in all forms, remains a critical priority at Amerco, and the Company will continue to take all appropriate measures to safeguard the integrity of its information technology infrastructure,” the filing stated.
Comments are closed, but trackbacks and pingbacks are open.