U-Haul Reports 67K Customers Impacted by Data Breach
In the notice letter sent out to affected individuals, U-Haul notes that credit card information was not accessed in the breach.
U-Haul — a truck, trailer, and self-storage rental company based in Arizona — has begun notifying 67,000 customers of a data breach late last year that compromised their personal information.
The breach occurred on Dec. 5 when an unauthorized actor somehow used legitimate credentials to access a system used by U-Haul dealers and team members to track customer reservations and view customer records.
Once U-Haul discovered the incident, it initiated its response protocol and launched an investigation of the breach alongside a cybersecurity firm. The investigation showed that certain customer records were accessed in the breach, including name and driver license information of 136 individuals residing in Maine.
In a notice letter to affected individuals, U-Haul noted that the customer record system involved in the breach is not connected to the payment system, therefore no card data was accessed by the threat actors. However, this kind of breach is not the first of its kind for the rental company.
"U-Haul is back again, having had a similar breach in 2022, with more stolen credential issues," stated Luciano Allegro, CMO at BforeAI, a predictive security company based in France. "It looks like U-Haul should strongly consider the implementation of mandatory multifactor authentication associated with all of their accounts to make it harder for attackers to steal credentials or conduct successful credential-stuffing attacks."
U-Haul is offering a complimentary one-year membership to Experian IdentityWorks to those affected but urges its customers to remain vigilant for fraud or identity theft by reviewing their own records.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024