USCellular hit by a data breach after hackers access CRM software


Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers’ accounts.

In a data breach notification filed with the Vermont attorney general’s office, USCellular states that retail store employees were scammed into downloading software onto a computer.

This software allowed an attacker to access the computer remotely, and because the employee was logged into the customer relationship management (CRM) software, the attacker gained access to that as well.

“On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”

“Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials,” states the USCellular data breach notification.

USCellular believes the attack occurred on January 4th, 2021.

It is not clear from the notification how many customers were affected and whether the employees were scammed via a phishing email or another method. 

While viewing a customer’s account in the CRM, the threat actor would have been able to see their name, address, PIN, cell phone numbers, service plan, and billing/usage statements.

“As indicated above, your customer account was impacted in this incident. Information in your customer account includes your name, address, PIN code, and cellular telephone number(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information (“CPNI”),” the data breach notification continues.

USCellular states that customers’ social security numbers and credit card information were not accessible as they are masked in the CRM.

After learning of the attack, USCellular isolated the infected computer and reset the employee’s passwords.

The company also reset impacted customers’ and authorized contacts’ PINs and security questions/answers, which can be set up again by contacting USCellular.

Affected customers should be on the lookout for targeted phishing scams utilizing information stolen from the CRM.

BleepingComputer has contacted USCellular with questions about the breach and how the employees were scammed but has not heard back.
