U-Haul has began informing clients {that a} hacker used stolen account credentials to entry an inside system for sellers and crew members to trace buyer reservations.
The breach uncovered buyer data that embody private data however fee particulars haven’t been impacted.
U-Haul is an American firm that rents transferring gear and space for storing for ‘do-it-yourself’ buyer wants. It presents vans, trailers, and different gear and companies for transferring family items.
The agency has been operational since 1945, has a employees of 19,500, and has an annual income of over $4.5 billion.
Yesterday, U-Haul started emailing clients whose information was accessed with out authorization within the cyberattack.
“U-Haul realized on December 5, 2023, that official credentials had been utilized by an unauthorized celebration to entry a system U-Haul Sellers and Crew Members use to trace buyer reservations and think about buyer data,” – U-Haul
“The investigation recognized particular buyer data that had been accessed, together with certainly one of your data,” the corporate says within the notification to clients.
The info varieties which have been uncovered in these buyer data embody full names, dates of delivery, and driver’s license numbers.
U-Haul clarified that the breached system is just not a part of their fee system, so hackers couldn’t entry fee card information.
The corporate says it has reset passwords for all affected accounts as a precaution and carried out further safety safeguards and controls to stop related incidents from occurring sooner or later.
Recipients of the info breach notification will obtain a one-year id theft safety service with directions on easy methods to enroll enclosed within the letters.
U-Haul has not decided what number of clients have been uncovered on this case.
BleepingComputer has contacted U-Haul to be taught extra in regards to the information breach and its scope of impression, however a remark wasn’t instantly out there. Additionally, the corporate’s web site was offline on the time of penning this.
In September 2022, U-Haul disclosed one other information breach, saying that attackers had accessed customer rental contracts between November 2021 and April 2022.
In that case too, the hackers used two compromised account credentials to entry U-Haul’s inside portal.
