U-Haul International, which leases trucks for moving and storage, announced a data breach after hackers stole customers’ names and driver’s license information via a customer contract search tool.
An incident investigation was launched on July 12 after evidence of a breach were discovered, according to the business. Later, on August 1, U-Haul discovered that the hackers had examined many customers’ rental contracts between November 5, 2021, and April 5, 2022.
U-Haul said in a letter to clients about the breach that an investigation on September 7 discovered that their names and driver’s license or state ID numbers were among the information accessed.
The hacker gained access to the U-Haul rental contacts search engine by acquiring two “unique passwords,” according to BleepingComputer. U-Haul did not specify how the credentials were compromised, however they did state that the passwords have been reset following the hack. The business also said that the hackers did not get any credit card information since the search tool does not provide such information.
Customers who were impacted will get free identity theft protection services from Equifax for a year, according to the moving firm.
According to BleepingComputer, U-haul has over 23,000 sites in the United States and Canada. U-Haul is also North America’s third biggest self-storage firm. Its fleet consists of around 186,000 vehicles, 128,000 trailers, and 46,000 towing devices.