U-Haul has confirmed it suffered a data breach which resulted in sensitive customer data being stolen.
The company confirmed the news via breach notification emails being sent to affected victims noting the incident happened on December 5, after an unnamed threat actor managed to steal login credentials for the U-Haul Dealer and Team Member system.
This system, the company further explained, is used to track reservations and view customer records.
No payment data
With the help of the login information, the attackers accessed the systems, where they managed to locate and exfiltrate sensitive data belonging to roughly 67,000 customers in both the United States, and Canada.
The data that was stolen included people’s full names, dates of birth, and driver license numbers, but payment data was not affected.
“The customer record system that was involved is not part of our payment system,” the company said in its letter. “No payment card data was involved.”
So far, U-Haul is not sharing additional details about the breach. Therefore, we don’t know if this was just data theft, or perhaps ransomware. We also don’t know if the attackers tried to extort the company for the data, or how the attackers stole the login credentials used to access the system – whether it was via an infostealer or phishing attack.
Going forward, U-Haul said it has made changes to tighten up on security and make sure such incidents never happen again, such as new passwords for all compromised accounts.
Finally, U-Haul will offer all affected customers a free one-year membership with Experian, to monitor and protect their digital identities.
Via The Register
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews