U-Haul International – a provider of moving and storage rental services – has revealed that it has suffered a data breach after a customer contract search tool was exploited by hackers to copy customers’ names and driver’s license information.
According to the company, it launched an incident investigation on July 12 after it discovered signs of a breach. U-Haul later found on August 01 that the cyber attackers responsible accessed several customers’ rental contracts between November 05, 2021, and April 05, 2022.
U-Haul told customers in a notification letter regarding the breach that an investigation on September 07 determined that the accessed information included their names and driver’s license or state identification number.
BleepingComputer reported that the hacker managed to access U-Haul rental contacts search portal after compromising two “unique passwords.” U-Haul did not explain how the passwords were compromised but said that they have since been changed after the breach. The company also stated that no credit card information was accessed by the attackers, since the search tool does not provide such data.
The moving company has announced that it will be offering affected customers one year of free identity theft protection services, provided by Equifax.
U-haul has a network of more than 23,000 locations across the US and Canada, BleepingComputer said. With a fleet of about 186,000 trucks, 128,000 trailers, and 46,000 towing devices, U-Haul is also the third largest self-storage operator in North America.