U-Haul Customer Contract Search Tool Compromised

Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

U-Haul said attackers were able to compromise two individual passwords and access the companys customer contract tool, exposing customer names and drivers license or state identification numbers.
Attackers had unauthorized access from Nov. 5, 2021, to April 5, 2022, U-Haul said. Once the breach was discovered, U-Haul changed the affected passwords and launched an investigation, the company explained on Sept. 9.
The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts, according to
U-Hauls notice of the cybersecurity incident
. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.
Experts like Sami Elhini, with Cerberus Sentinel, panned U-Hauls lack of password security.
Ultimately, this is an identity management issue, Elhini explained in an emailed statement. Determining you have a resolved identity based on a successful one-factor authentication is not only blissfully ignorant, but also potentially civilly and criminally negligent.
Lior Yaari, CEO of Grip Security was also withering in his assessment of U-Hauls cybersecurity.
The passwords compromised in this U-Haul attack were clearly not governed or protected properly, Yaari said in an emailed statement. There are probably other passwords that may have already been compromised that U-Haul, and hundreds of other companies, are unaware of and will not become aware of, until another breach like this occurs.”
While the precise approach might very across sectors and organizations, Yaari said the industry needs to stop repeating the same mistakes and relying on employees as an effective defense against cyberattack.
The additional safeguards companies take to prevent password compromise will likely fail, and
this type of breach
will be repeated over and over again, Yaari added. Rather than adding more Band-Aids, the industry needs to take a fresh approach that removes the burden of securing passwords from employees.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
U-Haul Customer Contract Search Tool Compromised