The U-Haul Breach – Customer Driver Licenses Go Public
Data breaches have reached new heights in 2022 with dozens of companies disclosing such incidents in the past couple of months. In fact, even Samsung suffered a huge breach this year and the attackers benefited a lot from that. Now, moving and storage giant U-Haul International (U-Haul) joined the mix.
Cybercriminals infiltrated the company’s contract search tool and managed to access customers’ names and driver’s license information.
The breach is big and U-Haul presented a full statement about the incident and measures it has taken to protect its customers. Here’s everything we know about the breach.
The U-Haul Breach – When Unique Passwords are Compromised
Malicious infiltrations are getting out of control. Even the biggest companies were not able to fend off such attacks. Microsoft, one of the best manufacturers in the world, fell victim to the Lapsus$ group – the hackers known for data theft and extortion.
Now, unknown attackers have breached U-Haul by compromising two “unique passwords.” After the malicious activity, the company stated that it has changed the passwords and that everything is ok.
However, the company did not disclose what data has been breached, but it did claim that no payment information or credit card data was harvested.
Now, the question is: What is U-Haul doing to protect its customers and prevent future attacks? According to the company, here’s what it’s implementing:
“The safety and trust of our customers, including the protection of personal information, is a top priority for U-Haul Company and we take that responsibility very seriously.
While the information accessed in this incident did not include payment card information, we fully understand this is an inconvenience to you.
We sincerely apologize for that. Please know we are working diligently to further augment our security measures to guard against such incidents and implementing additional security safeguards and controls on the search tool.
Additionally, we are offering affected customers identity theft protection services through Equifax for one year.
This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft.
The service is completely free to you and enrolling in this program will not hurt your credit score.”
As we mentioned, U-Haul did not state what the attackers accessed in the breach. They just disclosed what they did not. Apparently, the attack did not impact the company’s email and customer-facing websites.
Moreover, the threat actors did not get their hands on any financial, payment processing or U-Haul email systems. All the breach impacted was data corresponding to the customer contract search tool.
U-Haul Hit Had: Not a Simple Drive-By Attack
With 186,000 trucks, 128,000 trailers, and 46,000 towing devices, U-Haul poses a perfect target for cybercriminals. They can benefit a lot by hacking the company’s systems and harvesting its data.
Such breaches are happening every day and you should always take the proper precautions to fend them off. Regardless of who you are, be it a company or an individual, you’re a target.
Implement the right security measures, secure your devices, and never share your passwords with anyone. Aside from that, always submit the minimum amount of information online. You never know who’s lurking to harvest it.