U-Haul recently disclosed a data breach affecting approximately 67,000 customers in the US and Canada.
Description
The breach, which occurred between July 20 and October 2, 2023 [2], involved unauthorized access to a system used by U-Haul dealers [3], compromising customers’ names [4], birth dates [4], and driver’s license numbers [1] [2] [3] [4] [5] [6]. Fortunately, no payment card data was compromised in this incident. U-Haul promptly discovered the breach on December 5, 2023, and specific customer records were identified as being accessed [5]. The company has notified affected customers and is enhancing security measures, including changing passwords and offering credit monitoring and identity theft protection services [4]. U-Haul is also providing affected customers with a free one-year membership with Experian IdentityWorksSM Credit 3B for identity protection services [2]. Customers are advised to remain vigilant of suspicious communications and to contact U-Haul directly if in doubt [5]. The official U-Haul website is currently down [5], and customers should be cautious of potential scams using their personal information [5]. This data breach is not the first for U-Haul, as a previous incident in September 2022 impacted an estimated 2.2 million customers [2]. The breach, discovered on December 5, 2023 [1] [5] [6], exposed customer records containing personal information such as full names [6], dates of birth [2] [6], and driver’s license numbers [1] [2] [3] [4] [5] [6]. U-Haul is notifying customers whose records were accessed and has confirmed that the unauthorized party used legitimate credentials to gain access to the system used by dealers and team members to track customer reservations [6]. U-Haul has enlisted the assistance of a cybersecurity firm to investigate the breach and is providing free credit-monitoring services to victims [3]. The company emphasized its commitment to enhancing security measures to prevent similar incidents in the future [3], including implementing additional security safeguards and controls [3]. Despite the breach [3], U-Haul continues to operate its rental [3], moving supplies [3], and self-storage services [3].
Conclusion
The data breach at U-Haul has impacted a significant number of customers, leading to the compromise of personal information. However, the company is taking steps to mitigate the effects of the breach by enhancing security measures and offering identity theft protection services to affected customers. Moving forward, U-Haul is committed to preventing similar incidents in the future through the implementation of additional security safeguards and controls.
References
[1] https://www.bitdefender.co.uk/blog/hotforsecurity/u-haul-tells-customers-their-personal-data-has-been-caught-up-in-a-breach/
[2] https://www.infosecurity-magazine.com/news/uhaul-informs-customers-major-data/
[3] https://cybermaterial.com/u-haul-data-breach-hits-67k-customers/
[4] https://www.azcentral.com/story/money/business/consumers/2024/02/23/u-haul-data-breach/72713283007/
[5] https://www.bitdefender.com/blog/hotforsecurity/u-haul-tells-customers-their-personal-data-has-been-caught-up-in-a-breach/
[6] https://cyber.vumetric.com/security-news/2024/02/23/u-haul-says-hacker-accessed-customer-records-using-stolen-creds/