USCellular, the American telecom has revealed a data breach incident today that affected an unknown number of its customers. It said the hackers were able to download malicious software into their store employeesโ computers and accessed the connected CRM to view details of its customers. It has now reset the credentials of all affected customers.
USCellular Data Breach Incident
USCellular is serving nearly 5 million customers across 23 states, making it the fourth-largest wireless mobile network provider in the US. The company has revealed a data breach incident in its filing with the Vermont attorney generalโs office today.
In a notification, it mentioned that employees of one of its retail stores were successfully scammed to download software by the adversary and access their systems. And since the employees were logged into their CRM software, the adversary has gained unauthorized access into that part too.
USCellular said the breach may have occurred on January 4th and detected two days later. It didnโt mention how many customers were affected by this incident, and by what means the employees were hacked. A general method would be through phishing emails, where the target is tricked into downloading the malicious software.
The USCellular notification mentioned the accessed data includes the โcustomersโ name, address, PIN, cellular telephone numbers(s) and the wireless services including their service plan, usage and billing statements known as Customer Proprietary Network Information (โCPNIโ).โ
It assured that neither the social security numbers nor the credit card data were accessed since theyโre masked in the CRM. USCellular has immediately reset the affected employeesโ credentials, and also the customers authorized contactโs PIN and security questions/answers for security. Such customers can set up them again by contacting the USCellular.