U-Haul International (U-Haul), a truck, trailer and self-storage rental company with more than 23,000 locations in the United States and Canada, has reported a data leak after a customer contract search tool was hacked, allowing hackers to access customer names and driver’s license information.
The attacker gained access to the U-Haul rental contracts search portal after compromising two “unique passwords.” Although the company did not specify how the login credentials were compromised, they were changed after the breach was discovered to prevent further suspicious attacks.
U-Haul also stated that no credit card information was accessed or obtained as a result of the attack, as the affected search tool does not allow users to enter payment card information. The company offered affected users free identity theft protection through Equifax for a year to help them in detecting when or if their personal information is being misused.
After an investigation that began on July 12 after the intrusion was discovered, the company found on August 1 that attackers gained access to some customers’ rental contracts between November 5, 2021, and April 5, 2022.
The source of this piece includes an article in BleepingComputer.
