U-Haul, a prominent U.S. moving truck, trailer, and self-storage rental company, has revealed that data belonging to almost 67,000 customers in the United States and Canada was compromised in a cyberattack targeting one of its systems in early December, as reported by The Register.
The attackers utilized stolen credentials to breach the U-Haul Dealer and Team Members system, leading to the unauthorized access of customers’ personal information. This included names, birthdates, driver’s license numbers, and other sensitive details. However, U-Haul clarified that no financial information was compromised as their payment system remained separate from the affected customer record system. The company has taken steps to notify individuals whose data was compromised in the attack through breach notification letters.
Following the breach, U-Haul has implemented additional security measures across its systems to prevent similar incidents in the future.
This disclosure coincides with recent reports from IBM X-Force and CrowdStrike highlighting a surge in cyberattacks involving stolen credentials over the past year. According to Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, threat actors have increasingly focused on utilizing legitimate identities to log in as legitimate users, thereby evading detection and utilizing legitimate tools to remain undetected.
