American moving truck, trailer, and self-storage rental company U-Haul has confirmed it was hit by a data breach that exposed the names and driving license numbers of its customers.
The security incident occurred after a customer contract search tool, that necessitates two unique passwords, was hacked to access sensitive information.
Storage's role in addressing the challenges of ensuring cyber resilience
Understanding the role of data storage in cyber resiliency
U-Haul first learned of the breach on August 1 following an incident investigation that began on July 12. Perpertuators accessed some customers' rental contracts between November 5, 2021, and April 5, 2022, the company confirmed.
U-Haul, however, affirmed its search tool cannot access payment card information. No credit card information was accessed or acquired, per the company.
In an effort to counteract the breach, the firm also changed the unique passwords to its search tool to prevent further intrusion.
"After an in-depth analysis, our investigation determined on September 7, 2022, the accessed information includes your name and driver's license or state identification number," U-Haul notified affected customers on Friday.
The firm has also extended third-party identity theft protection services to its customers.
“Additionally, we are offering affected customers identity theft protection services through Equifax for one year. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. The service is completely free to you and enrolling in this program will not hurt your credit score.”
