Teacher
Professional
- Messages
- 2,669
- Reaction score
- 819
- Points
- 113
The largest truck and trailer rental chain in the United States is facing a hacker attack.
The American company U-Haul, which specializes in rental services for vehicles and equipment for self-relocation, reports that intruders have penetrated its information system using stolen credentials. As a result of the incident that occurred on December 5, the records of about 67 thousand customers from the United States and Canada were compromised.
U-Haul has grown from a small family business to a large chain that rents various sizes of trucks, trailers, storage systems, and other moving equipment. The company has an extensive network of representative offices and rental locations throughout the United States and Canada, making it accessible to a wide range of customers.
A U-Haul spokesperson confirmed the security breach, but declined to comment further. According to the results of an investigation conducted jointly with an external cybersecurity firm, it turned out that hackers gained access to the U-Haul Dealer and Team Members system, through which reservations were controlled and customer records were viewed.
Among the leaked data were customer names, dates of birth, and driver's license numbers. Representatives of U-Haul clarified that the financial information of customers was not stolen, since the system of customer records is in no way connected with the company's payment system.
In response to the incident, the company strengthened security measures, including changing passwords on compromised accounts and offering affected customers a free one-year subscription to the Experian IdentityWorks service.
The data leak occurred against the background of a sharp increase in the number of attacks using legitimate credentials. According to a recent IBM Security X-Force report, there was a 71% increase in such incidents in 2023 compared to the previous year. Accounts with compromised data accounted for 30% of all incidents encountered by the IT giant's incident response team.
In turn, a similar CrowdStrike report also indicates an increase in threats related to identity cards. In addition to using stolen credentials, attackers target API keys, session cookies and tokens, one-time passwords, and Kerberos tickets.
Experts emphasize that attackers are increasingly focusing on identity cards, using legitimate identifiers to secretly penetrate and further act inside the target systems.
The American company U-Haul, which specializes in rental services for vehicles and equipment for self-relocation, reports that intruders have penetrated its information system using stolen credentials. As a result of the incident that occurred on December 5, the records of about 67 thousand customers from the United States and Canada were compromised.
U-Haul has grown from a small family business to a large chain that rents various sizes of trucks, trailers, storage systems, and other moving equipment. The company has an extensive network of representative offices and rental locations throughout the United States and Canada, making it accessible to a wide range of customers.
A U-Haul spokesperson confirmed the security breach, but declined to comment further. According to the results of an investigation conducted jointly with an external cybersecurity firm, it turned out that hackers gained access to the U-Haul Dealer and Team Members system, through which reservations were controlled and customer records were viewed.
Among the leaked data were customer names, dates of birth, and driver's license numbers. Representatives of U-Haul clarified that the financial information of customers was not stolen, since the system of customer records is in no way connected with the company's payment system.
In response to the incident, the company strengthened security measures, including changing passwords on compromised accounts and offering affected customers a free one-year subscription to the Experian IdentityWorks service.
The data leak occurred against the background of a sharp increase in the number of attacks using legitimate credentials. According to a recent IBM Security X-Force report, there was a 71% increase in such incidents in 2023 compared to the previous year. Accounts with compromised data accounted for 30% of all incidents encountered by the IT giant's incident response team.
In turn, a similar CrowdStrike report also indicates an increase in threats related to identity cards. In addition to using stolen credentials, attackers target API keys, session cookies and tokens, one-time passwords, and Kerberos tickets.
Experts emphasize that attackers are increasingly focusing on identity cards, using legitimate identifiers to secretly penetrate and further act inside the target systems.
