February 23, 2024 at 09:17AM
U-Haul recently informed customers that a hacker used stolen account credentials to access an internal system, exposing customer records with personal data, but no payment details. The American company, operational since 1945, provides moving equipment and storage. U-Haul is offering identity theft protection and has implemented security measures following the breach, which is separate from their payment system.
Based on the meeting notes, the key takeaways are:
1. A hacker gained unauthorized access to U-Haul’s internal system for tracking customer reservations and viewing customer records through stolen account credentials.
2. The breach exposed customer records containing personal information such as full names, dates of birth, and driver’s license numbers, but payment details were not compromised.
3. U-Haul has initiated communication with affected customers and has reset passwords for all affected accounts as a precaution. Additionally, the company has implemented additional security measures to prevent similar incidents in the future.
4. Recipients of the data breach notification will be offered a one-year identity theft protection service and instructions on how to enroll.
5. The recent data breach is not the first instance, as U-Haul had previously disclosed another breach in September 2022.
It is also worth noting that U-Haul’s website was offline at the time of the meeting, and the company had not determined the exact number of customers impacted by the recent breach. Additionally, inquiries by BleepingComputer for further information about the breach and its scope did not yield an immediate comment from U-Haul.