U-Haul notifies customers of major data breach

Al Harris
September 15, 2022

One of the country’s largest self-storage operators has been hit by a major data breach.

Last week U-Haul notified affected customers of the incident, informing them that their names and driver’s license information had been compromised. The company said in the letter to customers that credit card information was not accessed by the hacker.

A company representative confirmed with FOX Business that as many as 2.2 million customer records were affected. The moving and storage company has more than 23,000 locations throughout North America. It is ranked the 5th largest self-storage operator by Inside Self Storage.

Inside the hack

The company first discovered signs of a breach on July 12, and concluded an initial investigation on August 1. The investigation found that hackers accessed rental contracts dated November 5, 2021 through April 05, 2022.

“The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool,” the letter to customers stated.

According to tech news site Bleeping Computer, the hacker gained access to the rental contracts search portal by compromising two unique passwords—which have since been changed by U-Haul.

Exactly how the passwords were cracked was not disclosed by the company. One possible way that hackers could have gained access is through a phishing attack. Phishing is among the most used methods cybercriminals use to obtain passwords and infiltrate corporate data records. In such an attack, the hacker tricks a legitimate user into inputting their password into a fake website designed to look official. A link to the fake site is often sent by e-mail, with the sender impersonating someone the victim knows and trusts.

In the letter to customers, signed by U-Haul President John Taylor, the company said it was working to augment its security measures to prevent such incidents from occurring in the future. In response, the company is providing each affected customer with identify theft monitoring through Equifax for one year.

Sign up for the Storage Beat newsletter

Never miss a story! Sign up for our weekly newsletter featuring the latest storage industry news and interviews with movers and shakers:

About the SpareFoot Storage Beat

The SpareFoot Storage Beat is your go-to source for news, features and analysis about the self-storage industry. Self-storage categories covered by The SpareFoot Storage Beat include public companies, private companies, industry trends, real estate development, facility acquisitions, hirings and promotions.

Send us a tip

Recent posts

Sold! Newly minted facility in Maine trades for $2.1 million

Sold! Newly minted facility in Maine trades for $2.1 million

Malone Commercial Brokers led the sale of a newly built 26,000-square-foot self-storage facility at 17 Town House Road in West Gardiner, ME. The 7.5-acre property has five buildings and was sold to Town House Road LLC for $2.134 million. West Gardiner Self Storage is...

read more
Etude Storage Partners makes offer to buy Global Self Storage

Etude Storage Partners makes offer to buy Global Self Storage

Global Self Storage, Inc. a publicly-traded real estate investment trust with a portfolio of 13 self-storage properties, finds itself in the crosshairs of a third unsolicited acquisition proposal from Austin-based Etude Storage Partners LLC. The proposal, amounting to...

read more