U-Haul, an Arizona-based truck, trailer and self-storage rental company, began notifying 67,000 customers of a data breach late last year that compromised their personal information.
The breach occurred on December 5, when an unauthorized actor somehow used legitimate credentials to access a system used by U-Haul resellers and team members to track customer bookings and view customer records.
Once the incident was discovered, U-Haul initiated its response protocol and launched an investigation into the breach along with a cybersecurity firm. The investigation showed that some customer records were accessed during the breach, including the name and driver’s license information of 136 individuals residing in Maine.
In a warning letter to those affected, U-Haul noted that the customer registration system involved in the breach is not connected to the payment system, so the threat actors did not have access to card data. However, this type of breach is not the first of its kind for the rental company.
βU-Haul is back again, after suffering a similar breach in 2022, with more issues of stolen credentials,β said Luciano Allegro, CMO of BforeAI, a predictive security company based in France. βIt appears that U-Haul should strongly consider implementing mandatory multi-factor authentication associated with all of its accounts to make it more difficult for attackers to steal credentials or conduct successful credential stuffing attacks.β
U-Haul is offering a free one-year subscription to Experian IdentityWorks to interested individuals, but urges its customers to remain vigilant for fraud or identity theft by reviewing their records.