U-Haul, a leading international transport, haulage, and storage firm, has confirmed it fell victim to a cyberattack, compromising the personal data of approximately 67,000 customers in the U.S. and Canada. The breached data includes sensitive information such as names, dates of birth, and driver’s license numbers. This incident is part of an increasing trend of cyberattacks targeting large corporations, putting personal and sensitive data at risk.
The breach was discovered on December 5th, but U-Haul delayed reporting it to the relevant authorities, including the attorney general in Maine, which has strict laws regarding data breach notification, until February 22nd. Despite the delay in reporting, U-Haul has since taken several steps to mitigate the damage and prevent future incidents of this nature.
Why it matters: With this not being U-Haul’s first data breach, there’s a clear signal that ongoing vigilance and continuous improvement in cybersecurity measures are essential to protect against future attacks. This breach also raises questions about the timeliness and transparency of corporate responses to such incidents.
- U-Haul has reported that an intruder used valid credentials to access a system for tracking reservations and viewing customer records. The company has notified potential victims about the unauthorized access in a letter.
- In response to the breach, U-Haul offered free credit monitoring and identity protection services to victims and has hired an unnamed cybersecurity firm to bolster their security measures going forward.
- U-Haul’s delay in reporting the breach underscores the need for stricter compliance with data breach notification laws to ensure the timely protection of affected individuals.
Go Deeper -> U-Haul Admits Data Breach – CyberNews
U-Haul says 67,000 Customers Affected in Records System Breach – The Record