Hacker Used Stolen Credentials to Breach U-Haul Customer Information

In a recent notification, moving truck company U-Haul disclosed a data breach affecting its tens of thousands of customers.

The American truck, trailer, and storage company said that an unauthorized individual used legitimate credentials to access a system called “Dealers and Team Members” to track and view customer reservations and records.

The breach, which was discovered on December 5, 2023, took place between July 20 and October 2, 2023, the company said in a data breach notice filed with the Office of Maine Attorney General.

“U-Haul learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records,” U-Haul explained in an email to customers.

Upon learning of the incident, U-Haul immediately initiated its response protocol, while also engaging a cybersecurity firm to conduct an investigation.

According to the email sent, customers’ names, dates of birth and driver’s license numbers were accessed in this breach. However, the hackers were unable to access any payment or card-related information.

‘’The customer record system that was involved is not part of our payment system. No payment card data was involved,’’ the company stated.

As a remediation measure, it has reset the passwords of all affected customer accounts and deployed additional security safeguards. These were done to protect customer information and to prevent occurrence of similar incidents in the future.

“As a precaution, we are offering you a free one-year membership with Experian IdentityWorksSM Credit 3B. This product helps detect any misuse of your personal information and provides you with identity protection services that focus on immediate identification and resolution of any instance of identity theft,” the breach notification read.

At the time of writing, U-Haul’s website continues to remain offline for undisclosed reasons.