SACRAMENTO, Calif., Sept. 22, 2022 /PRNewswire/ -- U-Haul sent a letter ("Data Breach Letter") to consumers stating, "We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers." U-Haul claims "The search tool cannot access payment card information; no credit card information was accessed or acquired." U-Haul states it "promptly changed the passwords," and "cybersecurity experts were retained."
U-Haul claims its investigation determined "an unauthorized person accessed the customer control search tool and some customer contracts." U-Haul did not say when it first "detected a compromise of the two unique passwords." It did claim that "On August 1, 2022, our investigation determined some rental contracts were accessed between November 5, 2021, and April 5, 2022." U-Haul completed its investigation on September 7, 2022, and determined the "accessed information" included "your name and driver's license or state identification number."
U-Haul's parent company, AMERCO, is publicly traded, and U-Haul generated around $4 billion in revenue in 2021. It is the 3rd largest self-storage operator in North America, and it has 19,500 employees, 128,000 trucks, and 46,000 towing devices.
The data of over 2.2 million individuals was compromised by this data breach. If you received a data breach letter from U-Haul, you were impacted by the data breach.
WHAT INFORMATION IS INVOLVED?
According to U-Haul, the following information was exposed:
- Driver's License Number
- State Identification Number
This information is called your Personally Identifiable Information ("PII"). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.
U-Haul is offering free credit monitoring and identity theft protection services through Equifax for one year. The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act ("CCPA").
NOTICE: If you received a NOTICE OF DATA BREACH letter from U-Haul, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
SOURCE Arnold Law Firm