U-Haul says 67,000 customers affected in records system breach

Truck and trailer rental company U-Haul said on Friday that some customers in the U.S. and Canada were affected by a data breach in December.

An “unauthorized party” used “legitimate credentials” to access a system that U-Haul dealers use to track reservations and view customer records, the company said in a regulatory filing with the state of Maine.

The original posting did not include the number of affected persons, but a U-Haul spokesperson told Recorded Future News that the incident involved the data of about 67,000 in the U.S. and Canada.

The breached data included driver’s license numbers and other identification card numbers. The incident did not involve the company’s payment system, U-Haul said.

The spokesperson did not respond to questions about the specific details of the incident. The regulatory filing said U-Haul discovered the breach on December 5, determined the extent of it the following day and began notifying affected customers on Thursday.

An unnamed cybersecurity company is helping investigate the incident, and victims can access free credit-monitoring services, U-Haul said.

“To help prevent a similar incident in the future, we have and will continue to take steps to enhance security measures, including changing passwords for affected accounts and implementing additional security safeguards and controls,” U-Haul said in its letter to affected Maine residents.

U-Haul previously reported a five-month data breach in 2022. In addition to its famous orange trucks and trailers, the company also rents and sells moving supplies and self-storage spaces.