US moving company U-Haul has reportedly suffered from a data breach that occurred when an unauthorized individual gained access to an unknown number of rental contracts. U-Haul’s parent company Amerco confirmed the attack last week and stated that consumers’ payment card information was not compromised in the attack. The individual who obtained access to the records was able to view customer names, drivers licenses, and the information included on it such as physically address, date of birth, or state identification number.

Amerco reported that it detected a compromise of two unique passwords used by employees to access a customer contract search tool. The company launched an investigation into the incident, which was assisted by outside cybersecurity experts, to determine the nature and scope of the attack. According to Amerco, the investigation was concluded on September 7 and notices were issued to consumers two days later. The notices did not include information regarding how the password was breached in the first place. The individual or entity behind the attack also remains unidentified.

Read More: U-Haul reports data breach, customers’ info exposed