Moving and storage giant U-Haul has started informing customers of a data breach impacting some of their personal information.

On Friday, U-Haul began sending notification letters to potentially impacted customers to inform them that compromised credentials were used to access some of their data without authorization.

“We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers,” reads a notification letter sample that U-Haul submitted to the Montana Attorney General.

The search tool, the company says, does not store payment card information, meaning that no credit card details were exposed in the incident.

However, the unauthorized party was able to access customer names, driver’s license numbers, or state identification numbers.

Between November 5, 2021, and April 5, 2022, the attackers accessed some rental contracts, the company says, without providing information on the number of impacted customers.

“None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool,” U-Haul says.

SecurityWeek has emailed U-Haul for additional information on the incident and will update this article as soon as a reply arrives.

With a fleet of hundreds of thousands of trucks, trailers, and towing devices, U-Haul has a network of more than 23,000 locations across North America.

By Ionut Arghire on Tue, 13 Sep 2022 09:42:44 +0000
Original link