U-Haul — a truck, trailer, and self-storage rental firm based mostly in Arizona — has begun notifying 67,000 clients of an information breach late final yr that compromised their private info.
The breach occurred on Dec. 5 when an unauthorized actor someway used respectable credentials to entry a system utilized by U-Haul sellers and workforce members to trace buyer reservations and examine buyer information.
As soon as U-Haul found the incident, it initiated its response protocol and launched an investigation of the breach alongside a cybersecurity agency. The investigation confirmed that sure buyer information had been accessed within the breach, together with title and driver license info of 136 people residing in Maine.
In a discover letter to affected people, U-Haul famous that the shopper report system concerned within the breach is just not linked to the fee system, due to this fact no card information was accessed by the risk actors. Nevertheless, this sort of breach is just not the primary of its sort for the rental firm.
“U-Haul is again once more, having had an identical breach in 2022, with extra stolen credential points,” said Luciano Allegro, CMO at BforeAI, a predictive safety firm based mostly in France. “It seems to be like U-Haul ought to strongly take into account the implementation of necessary multifactor authentication related to all of their accounts to make it tougher for attackers to steal credentials or conduct profitable credential-stuffing assaults.”
U-Haul is providing a complimentary one-year membership to Experian IdentityWorks to these affected however urges its clients to stay vigilant for fraud or identification theft by reviewing their very own information.
