I just received this email a few days ago:<p>We are writing to inform you of an incident that involved some of your information. We are providing this notice to explain the incident and measures we have taken, and also to provide some steps you can take in response.<p>What Happened?
We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers. The search tool cannot access payment card information; no credit card information was accessed or acquired. Upon identifying the compromised passwords, we promptly changed the passwords to prevent any further unauthorized access to the search tool and started an investigation. Cybersecurity experts were engaged to identify the contracts and data that were involved. The investigation determined an unauthorized person accessed the customer contract search tool and some customer contracts. None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.<p>What Information Was Involved?
On August 1, 2022, our investigation determined some rental contracts were accessed between November 5, 2021, and April 5, 2022. After an in-depth analysis, our investigation determined on September 7, 2022, the accessed information includes your name and driver's license or state identification number<p>Well its a nice email to wake up to.
The first time I ever rent a uHaul and my DL is leaked.
>some rental contracts were accessed between November 5, 2021, and April 5, 2022<p>>None of our financial, payment processing or U-Haul email systems were involved; the access was limited to the customer contract search tool.<p>So they were in U-Haul's network for 5 months, but U-Haul is dead sure they only got into a single system.<p>I hate it when they phrase things in this overly confident way. I do believe they didn't see overt evidence that other systems were compromised, but that doesn't mean it didn't happen.
Last time I rented a U-Haul, they asked to see my driver's license as expected - then took a picture of the front and back to store in their systems.<p>I did not like the taking a picture of the entire license at all, but was stuck.<p>I had full expectation that a non-tech company like U-Hual would be fully incompetent to properly store such a trove of identity information, and here it is - crackers wandering around in their system for six months, and they "have no evidence" of further intrusion, meaning they don't even have the logs to verify or the capability to read the logs, so they actually have no evidence that other data was not accessed (absence of evidence is not evidence of absence)...<p>I'll sure as hell be avoiding UHaul if at all possible in the future...
Same thing happened to me.
I care MUCH less about my credit card being leaked then the picture & details of my Drivers License being out there.
Last time I give them any money.
If it were me, which it wasn't, I'd be looking for the rentals being made by a certain white supremacist group that likes to use U-Hauls to transport their masked goons around the country.