U-Haul, an American moving and storage company, has suffered a data breach in which certain sensitive customer information was stolen, according to the company.
U-Haul said in an email to affected customers that an unidentified threat actor managed to compromise two unique passwords and gain access to its contract search tool.
"The investigation found that an unauthorised person accessed the customer contract search tool and certain customer contracts," U-Haul said in the announcement, although it did not reveal how many customers were affected.
Payment data safe
The perpetrators managed to steal certain personally identifiable information through the use of the tool: "After an intense investigation on September 7, 2022, the accessed information includes your name and driver''s license or state identification number," the letter reads.
U-Haul discovered the incident in mid-July 2022, and after a few weeks of investigations, found that the attackers accessed some customer rental agreements signed between early November 2021 and early April 2022.
The company did not disclose how these accounts were compromised, and whether or not the attackers used malware or viruses (opens in a new tab), but it said that the passwords used to break into the system were changed in the wake of the breach, to reduce the attacks'' radius. De asemenea, the company confirmed that no payment data was taken given that the compromised tool didn''t have access to such data in the first place.
"None of our financial, payment processing, or U-Haul email systems was involved; the access was limited to the customer contract search tool," the company said.
U-Haul will provide free identity theft protection for affected customers for 12 months, including in new tabs. This way, customers will be able to track more easily if someone attempts to abuse their identity online.
U-Haul, a major moving and storage company, has a network of over 23,000 locations in the United States and Canada, with a fleet of 186,000 trucks, 128,000 trailers, and 46,000 towing devices. All of this, according to BleepingComputer, is the third largest self-storage company in North America.