Customers are now being informed by U-Haul that a hacker has gained access to an internal system used by team members and dealers to monitor customer reservations using stolen account credentials.
Customer records that contain personal information were made public by the breach, but payment information was unaffected.
For “do-it-yourself” customer needs, U-Haul is an American company that rents storage space and moving equipment. For moving household goods, it provides trucks, trailers, and other tools and services.
The company has been in operation since 1945, employs 19,500 people, and earns more than$ 4.5 billion annually.
Customers whose data was accessed without authorization during the cyberattack started receiving emails from U-Haul yesterday.
According to the company’s customer notification,” The investigation identified specific customer records that were accessed, including one of your records.”
Full names, birth dates, and driver’s license numbers are just a few of the data types that have been made public in these customer records.
Hackers were unable to access payment card data because U-Haul clarified that the compromised system is not a component of their payment system.
As a precaution, the company claims to have reset the passwords for all affected accounts and put additional security measures in place to stop further incidents.
A one-year identity theft protection service with enrollment instructions is provided to those who receive the data breach notification.
How many customers were exposed in this case is unknown to U-Haul.
A comment was not immediately available, but BleepingComputer contacted U-Haul to find out more about the data breach and its potential effects. Additionally, the business ‘ website was unavailable when this was being written.
Another data breach was revealed by U-Haul in September 2022, according to which attackers had access to customer rental contracts between November 2021 and April of that year.
In that instance as well, the hackers gained access to U-Haul’s internal portal using two compromised account credentials.