U-Haul confirms data breach

Major moving and storage rental firm U-Haul International confirmed that some of its customers' rental contracts have been accessed following a cyberattack, resulting in the compromise of their names and driver's license or state identification numbers, BleepingComputer reports. Threat actors were able to infiltrate U-Haul's rental contracts search portal between Nov. 5, 2021, and April 5, 2022, after obtaining two unique passwords, according to U-Haul, which emphasized that the intrusion did not impact email and customer-facing websites. No credit card data was also compromised by attackers during the incident, which was only confined to the contract search system, said U-Haul. "The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool," U-Haul added. Customers affected by the breach have been given free identity theft protection services for a year.