U-Haul Informs Customers of Major Data Breach

Written by

U-Haul has been forced to notify tens of thousands of customers that their personal data was compromised in a breach last year.

The truck and trailer rental giant confirmed to the press that 67,000 US and Canadian customers were impacted by the incident, which took place between July 20 and October 2 last year.

“U-Haul learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records,” it explained in a separate breach notification letter.

“We initiated our response protocol and a cybersecurity firm was engaged to conduct an investigation.”

Read more on data breaches: US Smashes Annual Data Breach Record With Three Months Left

According to the letter, which was published by the Maine Office of the Attorney General (OAG), names, dates of birth and driver’s license numbers were accessed by the unauthorized individual. However, the threat actor was fortunately unable to access the company’s payment network, meaning customer card details are safe.

“We take the privacy of information under our care seriously. To help prevent a similar incident in the future, we have and will continue to take steps to enhance security measures, including changing passwords for affected accounts and implementing additional security safeguards and controls,” the breach noticed continued.

“As a precaution, we are offering you a free one-year membership with Experian IdentityWorksSM Credit 3B. This product helps detect any misuse of your personal information and provides you with identity protection services that focus on immediate identification and resolution of any instance of identity theft.”

The U-Haul website was down at the time of writing, although it’s unclear why.

This is not the first time the multibillion-dollar revenue company has suffered a data breach.

In September 2022 it revealed that an unauthorized party had compromised two unique passwords used to access a customer contract search tool. This allowed them to access rental contracts for U-Haul customers – with an estimated 2.2 million customers impacted.

Image credit: Prashanth Bala / Shutterstock.com

What’s hot on Infosecurity Magazine?