Hacker Used Internal U-Haul Tool To Look Up Customer Information

Image: Smith Collection/Gado/Contributor

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

A hacker broke into systems belonging to logistics company U-Haul and accessed an internal tool used for searching customer contracts, according to an announcement from U-Haul published on the company’s website.

In the announcement, U-Haul says it first detected the compromise of two unique passwords on July 12. From there, the company engaged cybersecurity experts who found that an unauthorized person accessed the customer contract search tool and did look up some customer contracts. The information exposed includes names, dates of birth, and driver’s license numbers, the announcement adds.

“Upon discovery, we changed the passwords and implemented additional safeguards and controls for accessing the search tool,” the website reads.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.

U-Haul is a popular company that lets customers rent a trailer, truck, or storage unit for their own use. Recently a couple went viral for using a U-Haul truck as a date spot.

The announcement added that “None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.”

U-Haul said that the contracts were accessed between November 5, 2021, and April 5, 2022. The announcement added that in September 7 the company identified the individuals whose information was involved, and that it is notifying those impacted customers.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.