"U-Haul Reports Data Breach, Customers' Info Exposed"

The US moving and storage rental company U-Haul has experienced a data breach as a result of an unauthorized person gaining access to an unspecified number of rental contracts, according to Amerco, U-Haul's parent company. The number of impacted customers is unknown, but their payment card information appears to be secure. The threat actor only had access to the customers' names, driver's license numbers, and state identification numbers. According to the data breach notice that U-Haul began sending to customers on or around September 9, 2022, the compromise of two unique passwords was detected. These passwords were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers. The data breach notification and filing do not specify how the passwords used to access the search tool's functionality were compromised. Based on the filing, none of U-Haul's financial, payment processing, or email systems were involved, and Amerco does not believe the incident will have a material impact on its business or financial condition. This article continues to discuss findings regarding the U-Haul data breach. 

Help Net Security reports "U-Haul Reports Data Breach, Customers' Info Exposed"