U-Haul tells 67K customers that cyber-crooks drove away with their personal info

U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data. A U-Haul spokesperson told The Register that about 67,000 customers in the United States and Canada were affected, but declined to answer other …

  1. Tron Silver badge

    Not really 'cyber-crooks'.

    Looks like someone saw the password on a post-it note and couldn't resist having a peep.

    No access to payment data, just lots of less wealthy people moving their own stuff from A to B. Experian will make more than those leet haxors did out of it.

    You can understand hackers targeting politicians, celebrities, the military and banks, but simply doing a server because you can, should the company tell you to go fork yourselves rather than pay a ransom, will yield little or no reward.

    And we've had the net for long enough for only the lowest hanging fruit to use the same password more than once. So even trawling through the data won't get them much. There was more personal data in the phone books we used to get free from telcos.

    1. Richard 12 Silver badge

      Re: Not really 'cyber-crooks'.

      There's a lot you can do with a name and a driver's license.

  2. xyz Silver badge

    I'm just imagining...

    All them residents of trailer parks, locked and loaded and waiting for them cyber crook types attacking.

  3. Version 1.0 Silver badge
    Alert

    The cyber-crime pandemic world

    The environment that cyber-crime has "created" is a lot similar to the recent COVID pandemic ... users everywhere are only being told to wear masks (just create new passwords) but nobody ever bothers to get vaccinated (working to completely stop internet access to their data). We've world-wide fixed COVID but that took a huge amount of vaccination creation work - stopping cyber-crime will not be easy until we generate huge vaccinations for internet access.

    1. M.V. Lipvig Silver badge

      Re: The cyber-crime pandemic world

      Not really, if you make it law that a breach means the company is responsible for all costs to the people whose information was compromised, and that in a bankruptcy proceeding those victims get first crack at the assets, then lawyers, banks, etc. The first company that goes under because of this, with their creditors and Class A shareholders taking it in the shorts for a change, will cause the rest of them to spend the money for a solution.

      1. Anonymous Coward

        Re: The cyber-crime pandemic world

        Just declare bankruptcy because of the hack, before telling the SEC, win...win.

    2. mpi Silver badge

      Like that analogy.

      I wonder if there will also be people stating that their computers are fine and getting hacked only makes them stronger. Or that ransomware is just like the common spam email, nothing to worry about.

      Or if anyone will recommend bleach to rid a server of malware.

  4. Mike 137 Silver badge

    Alternatively ...

    It's entirely possible to use technical controls to prevent logins to internal systems from outside the organisation, or even to arrange for external logins (if essential) to demand multifactor authentication. It's almost infosec 101, so what amazes me is that so few organisations take the trouble to do so.

    1. M.V. Lipvig Silver badge

      Re: Alternatively ...

      It amazes you that a company would rather take a chance on a maybe happening this quarter than spend money to prevent it? Look at it from their point of view - they weren't hit last quarter and spent no money, and so far so good on this quarter. And if they are hit, apologies are cheap and what are the chances lightning will strike twice? Until it costs them a lot of money, and perhaps jail time for C suiters, expect no change. Making a breach result in prison for the decision makers would go a long ways towards a solution.

      1. RedGreen925 Bronze badge

        Re: Alternatively ...

        "Making a breach result in prison for the decision makers would go a long ways towards a solution."

        Indeed it would and has been my thoughts on it for years. Throw the corporate parasites in jail for their total incompetence in these situations. If it has involved the death of a person due to their incompetent actions, I am in favor of both a corporate and personal death penalty for all those involved.

  5. Doctor Evil
    Facepalm

    Wot, again?!?

    Really?

    I was contacted after U-Haul's last breach in Sep 2022. I'm still nervously monitoring my credit score for unexpected changes (nothing, so far). But ... here we go again!

    Really wishing I'd just borrowed a truck from a friend!

  6. bjackson

    It's interesting that the article says they hardened their systems, but in the letter from U-Haul, this isn't stated.

  7. mpi Silver badge
    Joke

    Guess there was a great hauling and gnashing of teeth.

    Thank you, thank you! You are a wonderful audience!

    I'm gonna let myself out...
