Source: LH Images via Alamy Stock Photo
U-Haul — a truck, trailer, and self-storage rental company based in Arizona — has begun notifying 67,000 customers of a data breach late last year that compromised their personal information.
The breach occurred on Dec. 5 when an unauthorized actor somehow used legitimate credentials to access a system used by U-Haul dealers and team members to track customer reservations and view customer records.
Once U-Haul discovered the incident, it initiated its response protocol and launched an investigation of the breach alongside a cybersecurity firm. The investigation showed that certain customer records were accessed in the breach, including name and driver license information of 136 individuals residing in Maine.
In a notice letter to affected individuals, U-Haul noted that the customer record system involved in the breach is not connected to the payment system, therefore no card data was accessed by the threat actors. However, this kind of breach is not the first of its kind for the rental company.
"U-Haul is back again, having had a similar breach in 2022, with more stolen credential issues," stated Luciano Allegro, CMO at BforeAI, a predictive security company based in France. "It looks like U-Haul should strongly consider the implementation of mandatory multifactor authentication associated with all of their accounts to make it harder for attackers to steal credentials or conduct successful credential-stuffing attacks."
U-Haul is offering a complimentary one-year membership to Experian IdentityWorks to those affected but urges its customers to remain vigilant for fraud or identity theft by reviewing their own records.