Jump to content

U-Haul confirms data breach, customer driving licences exposed

David H. Lipman

Recommended Posts

U-Haul confirms data breach, customer driving licences exposed


Unknown threat actor managed to compromise two U-Haul “unique passwords”

American moving and storage rental company U-Haul has suffered a data breach in which certain sensitive customer data was stolen, the company has confirmed. 

In an announcement sent out to affected customers,U-Haul said that an unidentified threat actor managed to compromise two “unique passwords” and gain access to its contract search tool.

"The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts," U-Haul said in the announcement, although it didn't say how many customers were affected. 






We are writing to inform you of an incident that involved some of your information. We are providing this notice to explain the incident and measures we have taken, and also to provide some steps you can take in response.

What Happened?

We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers. The search tool cannot access payment card information; no credit card information was accessed or acquired. Upon identifying the compromised passwords, we promptly changed the passwords to prevent any further unauthorized access to the search tool and started an investigation. Cybersecurity experts were engaged to identify the contracts and data that were involved. The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.

What Information Was Involved?

On August 1, 2022, our investigation determined some rental contracts were accessed between November 5, 2021, and April 5, 2022. After an in-depth analysis, our investigation determined on September 7, 2022, the accessed information includes your name and driver’s license or state identification number.

What Are We Doing?

The safety and trust of our customers, including the protection of personal information, is a top priority for U-Haul Company and we take that responsibility very seriously. While the information accessed in this incident did not include payment card information, we fully understand this is an inconvenience to you. We sincerely apologize for that. Please know we are working diligently to further augment our security measures to guard against such incidents and implementing additional security safeguards and controls on the search tool. Additionally, we are offering affected customers identity theft protection services through Equifax for one year. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. The service is completely free to you and enrolling in this program will not hurt your credit score.

What You Can Do.

For more information, including some additional steps you can take to help protect yourself, please see the additional information provided with this letter.

For More Information.

If you have any questions, please call 866-963-0620, Monday through Friday, 9:00 a.m. to 5:00 p.m. Mountain Time. Sincerely,


“J.T.” Taylor President, U-Haul International, Inc


  • Thanks 2
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.