U-Haul has began informing clients {that a} hacker used stolen account credentials to entry an inside system for sellers and group members to trace buyer reservations.
The breach uncovered buyer information that embody private data however cost particulars haven’t been impacted.
U-Haul is an American firm that rents shifting tools and space for storing for ‘do-it-yourself’ buyer wants. It provides vehicles, trailers, and different tools and providers for shifting family items.
The agency has been operational since 1945, has a employees of 19,500, and has an annual income of over $4.5 billion.
Yesterday, U-Haul started emailing clients whose information was accessed with out authorization within the cyberattack.
“U-Haul realized on December 5, 2023, that reliable credentials had been utilized by an unauthorized celebration to entry a system U-Haul Sellers and Staff Members use to trace buyer reservations and consider buyer information,” – U-Haul
“The investigation recognized particular buyer information that had been accessed, together with one among your information,” the corporate says within the notification to clients.
The info sorts which were uncovered in these buyer information embody full names, dates of start, and driver’s license numbers.
U-Haul clarified that the breached system is just not a part of their cost system, so hackers couldn’t entry cost card information.
The corporate says it has reset passwords for all affected accounts as a precaution and applied extra security safeguards and controls to forestall related incidents from occurring sooner or later.
Recipients of the data breach notification will obtain a one-year id theft safety service with directions on easy methods to enroll enclosed within the letters.
U-Haul has not decided what number of clients have been uncovered on this case.
BleepingComputer has contacted U-Haul to be taught extra concerning the data breach and its scope of affect, however a remark wasn’t instantly obtainable. Additionally, the corporate’s web site was offline on the time of penning this.
In September 2022, U-Haul disclosed one other data breach, saying that attackers had accessed buyer rental contracts between November 2021 and April 2022.
In that case too, the hackers used two compromised account credentials to entry U-Haul’s inside portal.
