Noth American moving and storage rental company U-Haul has suffered a data breach in which certain sensitive customer data was stolen.
U-Haul discovered the incident in mid-July 2022, and after a few weeks of investigations, found that the attackers accessed some customers’ rental contracts, signed between early November 2021, and early April 2022.
U-Haul said that an unidentified threat actor managed to compromise two “unique passwords” and gain access to its contract search tool. Those passwords have been changed aftermath. Although it didn’t say how many customers were affected.
The company confirmed that no payment data was taken, given that the compromised tool didn’t have access to such data in the first place.
U-Haul is offering any affected customers one year of Equifax identity theft protection services for free.
U-Haul is a major moving and storage rental company, it has a network of more than 23,000 locations in the U.S. and Canada, and operates a fleet of some 186,000 trucks, 128,000 trailers, and 46,000 towing devices. All of this, it was said, makes it the third largest self-storage operator in North America.