Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a data breach.
UScellular is one of the largest wireless carriers in the United States — it claims to have nearly 5 million customers across 20 states. However, it’s unclear how many were affected by the data breach. SecurityWeek has reached out to the company for more information.
The carrier said it detected the breach on January 6, 2021, and its investigation so far suggests that the attackers first gained access to its systems two days earlier. The hackers used an undisclosed method to trick UScellular employees working in retail stores into downloading malicious software.
This malware then allowed the attacker to remotely access compromised store computers and the customer retail management (CRM) system running on them. Since employees were already logged into the CRM system, the attackers were able to access the CRM with the employee credentials and access wireless customer accounts and phone numbers.
“After accessing your account, a wireless number on your account was ported to another carrier by the unauthorized individuals,” the company told customers in a data breach notice posted on its website.
UScellular said the attackers may have gained access to names, addresses, PIN codes, phone numbers, and information on wireless services, usage, and billing statements (CPNI). Social security numbers and payment card information are entered into the CRM, but they are “masked” so they likely haven’t been exposed.
“At this time, we have no indication that there has been unauthorized access to your UScellular online user account (My Account),” customers were told.
In response ..
Support the originator by clicking the read the rest link below.
