The data breach may have allowed unauthorized individuals to access UScellular wireless customers’ accounts and wireless phone numbers.
Chicago, Illinois-based United States Cellular Corporation or UScellular has suffered a data breach after hackers manage to access the company’s CRM system by installing malware. As a result, on January 4th, 2020, the unknown hackers were able to gain personal information, including customer accounts, security PINs, and phone numbers.
It is worth noting that the malware was installed by an unidentified individual on a computer at one of the U.S. Cellular retail stores.
The main victims of this incident are the UScellular store workers, as the hackers had utilized their credentials for the purpose of accessing the customer relationship management (or CRM) software and luring the customers to provide remote access.
As stated by the data breach notification presented by the office of the Vermont attorney general,
A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded the software onto a store computer.
“Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials.”
By gaining access to the consumer retail management system, the hackers were able to infiltrate the store’s computers remotely under the credentials of its employees.
However, as soon as UScellular discovered that they were compromised, which was approximately two days after the attack, the initial steps were taken to disconnect the compromised device from the system.
In order to cease any further form of future fraudulent activities, the access of information from any unknown devices had been restricted and customers were encouraged to keep stronger pins and passcodes.
Furthermore, employees were also encouraged to change their passwords as well and login credentials in all the retail stores were reset.
The notice presented by UScellular in regards to the breach of data had notified the customers in regards to the cyber-attack. However, it is worth noting that it did not mention much in regards to the intricacies of the attack itself but rather focused on the damage control that was being done by the company.
It is yet to be confirmed exactly how many of the customers have fallen victim to this attack and how it may have impacted the employees. It is also suggested that the customers should stay alert of any potential cyber-attacks that these hackers may carry out in the future.
UScellular breach in 2017
Although the current breach appears to be limited, this is not the first time when UScellular customers’ data is at risk. In 2017, Hackread.com exclusively reported how a dark web vendor was selling 126 million cell phone details of the company’s customers.
The database contained details such as first name, last name, address, city, state, and phone numbers of 126,761,168 Americans.