U-Haul Customer Contract Search Tool Compromised

  /     /     /  
Publicated : 23/11/2024   Category : security


U-Haul Customer Contract Search Tool Compromised


Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.



U-Haul said attackers were able to compromise two individual passwords and access the companys customer contract tool, exposing customer names and drivers license or state identification numbers.
Attackers had unauthorized access from Nov. 5, 2021, to April 5, 2022, U-Haul said. Once the breach was discovered, U-Haul changed the affected passwords and launched an investigation, the company explained on Sept. 9.
The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts, according to
U-Hauls notice of the cybersecurity incident
. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.
Experts like Sami Elhini, with Cerberus Sentinel, panned U-Hauls lack of password security.
Ultimately, this is an identity management issue, Elhini explained in an emailed statement. Determining you have a resolved identity based on a successful one-factor authentication is not only blissfully ignorant, but also potentially civilly and criminally negligent.
Lior Yaari, CEO of Grip Security was also withering in his assessment of U-Hauls cybersecurity.
The passwords compromised in this U-Haul attack were clearly not governed or protected properly, Yaari said in an emailed statement. There are probably other passwords that may have already been compromised that U-Haul, and hundreds of other companies, are unaware of and will not become aware of, until another breach like this occurs.”  
While the precise approach might very across sectors and organizations, Yaari said the industry needs to stop repeating the same mistakes and relying on employees as an effective defense against cyberattack.
The additional safeguards companies take to prevent password compromise will likely fail, and
this type of breach
will be repeated over and over again, Yaari added. Rather than adding more Band-Aids, the industry needs to take a fresh approach that removes the burden of securing passwords from employees.

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
U-Haul Customer Contract Search Tool Compromised