Security Update
U-Haul detected a compromise of two unique passwords that were used to access a customer contract search tool. We are providing this notice to explain the incident and measures we have taken in response.
What Happened?
We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers. The search tool cannot access payment card information; no credit card information was accessed or acquired. Upon identifying the compromised passwords, we promptly changed the passwords to prevent any further unauthorized access and started an investigation. Cybersecurity experts were engaged to identify the contracts and customers that were involved. The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.
What Information Was Involved?
On August 1, 2022, our investigation determined some rental contracts were accessed between November 5, 2021, and April 5, 2022, that contained names and driver's license numbers of some customers.
What Are We Doing?
In response to the incident, we have taken steps to prevent a similar incident in the future and are implementing additional security safeguards and controls on the search tool. We are notifying impacted customers and offering them identity theft protection services.
What You Can Do.
We encourage impacted customers to remain vigilant by reviewing account statements and credit reports for any unauthorized activity.