Click to Skip Ad
Closing in...

U-Haul hack: Names and driver’s licenses exposed in data breach

Updated Nov 11th, 2022 9:36AM EST
U-Haul moving truck
Image: Tim Boyle/Getty Images

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Last week, the moving and rental company U-Haul started sending out letters to customers alerting them about a recent data breach. Bleeping Computer reports that U-Haul discovered the breach earlier this summer. The company found that attackers hacked a search tool that contained the names and driver’s license information of customers.

U-Haul data breach exposes customer info

According to U-Haul, an investigation began on July 12 following the discovery of the breach. On August 12, the U-Haul investigators found that hackers accessed “some rental contracts” between November 5, 2021, and April 5, 2022.

Here is U-Haul’s full explanation for what happened and what data was accessed:

We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers. The search tool cannot access payment card information; no credit card information was accessed or acquired. Upon identifying the compromised passwords, we promptly changed the passwords to prevent any further unauthorized access to the search tool and started an investigation. Cybersecurity experts were engaged to identify the contracts and data that were involved. The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.

All things considered, the hackers didn’t do much damage. They didn’t steal any credit card numbers or accounts. Taking a page from other companies, U-Haul is offering any affected customers one year of Equifax identity theft protection services for free.

“We sincerely apologize for that. Please know we are working diligently to further augment our security measures to guard against such incidents and implementing additional security safeguards and controls on the search tool,” U-Haul added in its letter.

In recent years, data breaches such as this have become increasingly common. In 2021, both T-Mobile and LinkedIn suffered serious breaches that exposed personal data.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.