USCellular suffered from a data breach earlier this 2021 after a number of threat actors reportedly targetted employees who had access to its customer relationship management (CRM) software, states Forbes. The wireless carrier has since filed its notice with the Office of the Vermont Attorney General.
USCellular is considered the fourth-largest wireless carrier in the United States. The mobile network operator currently has approximately $4.9 million customers under its name.
In the notification filed by the mobile network operator with the Vermont attorney general’s office, USCellular reveals that several employees were targeted by hackers for downloading harmful software into their computer systems.
Through this approach, Bleeping Computer states the threat actors in question successfully gained remote computer access. In addition, USCellular employees that were logged onto the company’s customer relationship management account also led hackers in on the said information.
According to Forbes, the company believes that the attack happened around January 4, 2021. However, the attack was only discovered two days after the incident, with some customers already being compromised in the cybersecurity attack.
In its statement, USCellular said, “On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded the software onto a store computer.”
The notification also read, “Since the employee was already logged into the customer retail management (CRM) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials.”
Among the information compromised by the security, the attack is the customers’ names, addresses, PIN codes, and cellular telephone numbers.
In addition, the hackers also gained access to users’ wireless service data, including the type of plan availed from USCellular, their overall usage, and their billing statements filed under Customer Proprietary Network Information.
Despite the aforementioned data being compromised, the company assures its customers that their Social Security numbers and their respective credit card details are not affected.
Following the incident, USCellular reportedly took steps to stop unauthorized access to its CRM system and customer accounts. It has also taken the liberty to reset login credentials and work with authorities to further investigate the issue.
As of writing, Bleeping Computer states that there is no specific number of affected individuals over the data breach incident.
Moreover, the statement filed with the Vermont attorney general’s office provided limited information, failing to discuss whether the employees in question were scammed by a malicious hacker by phishing emails or another approach, reports Bleeping Computer.
