February 23, 2024 at 03:11PM
U-Haul notifies 67,000 customers in the US and Canada of a security breach on December 5th. Intruders gained access to customer records with personal data, but no financial info was compromised. U-Haul enhanced security measures and offered affected customers a free one-year membership with Experian IdentityWorks Credit 3B. Identity-related attacks have surged in the past year, with a 71% increase in attacks using valid credentials reported by IBM X-Force.
Key Takeaways from the U-Haul Meeting Notes:
– U-Haul experienced a security breach where miscreants gained unauthorized access to their U-Haul Dealer and Team Members system, compromising the personal data of approximately 67,000 customers in the United States and Canada.
– The compromised customer records contained personal information such as names, dates of birth, and driver license numbers. No financial information was accessed.
– U-Haul has taken steps to enhance its security measures, including changing passwords on compromised accounts and offering affected customers a free one-year membership with Experian IdentityWorks Credit 3B to help mitigate potential identity theft risks.
– IBM X-Force reported a significant increase in identity-related attacks, with a 71 percent year-over-year rise in the volume of attacks using valid credentials in 2023. Compromised accounts represented 30 percent of all the incidents that IBM’s incident response team assisted with last year.
– Cloud account credentials make up 90 percent of for-sale cloud assets on the dark web, according to X-Force findings. CrowdStrike’s 2024 Global Threat Report also identified an increase in identity-related threats, including the targeting of API keys, session cookies, and Kerberos tickets.
– CrowdStrike’s Adam Meyers highlighted the focus of threat actors on utilizing legitimate identities and tools to evade detection and remain unnoticed while carrying out malicious activities.
These takeaways summarize the security breach at U-Haul and the broader increase in identity-related threats as reported by cybersecurity experts and organizations.