Moving and storage giant U-Haul has started informing customers of a data breach impacting some of their personal information.
On Friday, U-Haul began sending notification letters to potentially impacted customers to inform them that compromised credentials were used to access some of their data without authorization.
“We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers,” reads a notification letter sample that U-Haul submitted to the Montana Attorney General.
The search tool, the company says, does not store payment card information, meaning that no credit card details were exposed in the incident.
However, the unauthorized party was able to access customer names, driver’s license numbers, or state identification numbers.
Between November 5, 2021, and April 5, 2022, the attackers accessed some rental contracts, the company says, without providing information on the number of impacted customers.
“None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool,” U-Haul says.
SecurityWeek has emailed U-Haul for additional information on the incident and will update this article as soon as a reply arrives.
With a fleet of hundreds of thousands of trucks, trailers, and towing devices, U-Haul has a network of more than 23,000 locations across North America.
Related: Samsung US Says Customer Data Compromised in July Data Breach
Related: Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack
Related: Authorities Seize Online Marketplace for Stolen Credentials
Related: OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms

More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
