Moving and storage giant U-Haul has started informing customers of a data breach impacting some of their personal information.
On Friday, U-Haul began sending notification letters to potentially impacted customers to inform them that compromised credentials were used to access some of their data without authorization.
“We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers,” reads a notification letter sample that U-Haul submitted to the Montana Attorney General.
The search tool, the company says, does not store payment card information, meaning that no credit card details were exposed in the incident.
However, the unauthorized party was able to access customer names, driver’s license numbers, or state identification numbers.
Between November 5, 2021, and April 5, 2022, the attackers accessed some rental contracts, the company says, without providing information on the number of impacted customers.
“None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool,” U-Haul says.
SecurityWeek has emailed U-Haul for additional information on the incident and will update this article as soon as a reply arrives.
With a fleet of hundreds of thousands of trucks, trailers, and towing devices, U-Haul has a network of more than 23,000 locations across North America.
Related: Samsung US Says Customer Data Compromised in July Data Breach
Related: Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack
Related: Authorities Seize Online Marketplace for Stolen Credentials
Related: OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms

More from Ionut Arghire
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
Latest News
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
