Leading U.S. moving truck, trailer, and self-storage rental firm U-Haul had data from almost 67,000 customers in the U.S. and Canada exfiltrated following a cyberattack against one of its systems in early December, according to The Register.
Attackers leveraged stolen credentials to infiltrate the U-Haul Dealer and Team Members system, resulting in the theft of customers' names, birthdates, driver's license numbers, and other personal information, but not any of their financial details as their payment system was separate from the impacted customer record system, said U-Haul in breach notification letters sent to individuals whose data were compromised in the attack. Additional security measures have also been implemented on U-Haul systems to prevent similar incidents.
Such a disclosure comes days after IBM X-Force and CrowdStrike reported the increased prevalence of cyberattacks involving stolen credentials during the past year.
"Threat actors have really focused on identity taking a legitimate identity, logging in as a legitimate user, and then laying low, staying under the radar by living off the land and using legitimate tools," CrowdStrike Head of Counter Adversary Operations Adam Meyers.
