Hackers Gained Access to The US Cellular's CRM System

Mobile operator USCellular has been the victim of a data breach after attackers gained access to its customer relationship management (CRM) system.

According to a security incident notification filed with the Vermont Attorney General's Office, attackers tricked USCellular retail store employees into downloading malware onto computers.

“On January 6, 2021, we discovered a data security incident that could result in unauthorized persons gaining access to your wireless user account and wireless phone number. Several retail store employees were successfully tricked by unauthorized persons and downloaded the software onto the store computer. Since the employee was already logged into the retail management system ("CRM"), the downloaded software allowed an unauthorized person to remotely access the store's computer and log into the CRM system using the employee's credentials, ”USCellular explained in the notice.

According to the telecom operator, the attack took place on January 4, 2021. It is not clear from the notification how many customers were affected by the incident, or how the attackers were able to trick employees (via a phishing email or other method).

When attackers viewed USCellular customer accounts in the CRM system, attackers could see their names, addresses, PIN codes, cell phone numbers, tariff plans, and billing and usage reports. Social insurance numbers and bank card details were not visible to cybercriminals, the operator said.

Upon learning of the attack, USCellular isolated the infected computer and reset user passwords. The operator has also reset PINs and security questions / answers, which can be configured again by contacting USCellular.

Previous Post Next Post