By 
Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers’ accounts.
In a data breach notification filed with the Vermont attorney general’s office, USCellular states that retail store’s employees were scammed into downloading software onto a computer.
The software allowed an attacker to access the computer remotely, and as the employee was logged into the customer relationship management (CRM), they gained access to that as well.
“On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”
“Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials,” states the USCellular data breach notification.
USCellular believes the attack occurred on January 4th, 2021. It is not clear from the notification how many customers were affected and whether the employees were scammed via a phishing email or another method.
While viewing a customers’ account in the CRM, the threat actor would have been able to see their name, address, PIN, cell phone numbers, service plan, and billing/usage statements.
“As indicated above, your customer account was impacted in this incident. Information your customer account includes your name, address, PIN c0de, and cellular telephone numbers(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information (“CPNI”),” the data breach notification continues.
USCelluar states that customers’ social security numbers and credit card information were not accessible as they are masked in the CRM.
In a now deleted data breach notification [archived copy] posted to USCellular’s site, the mobile carrier also stated that the attackers were able to port numbers for affected customers to another carrier.
“After accessing your account, a wireless number on your account was ported to another carrier by the unauthorized individuals.” – USCellular
After porting the numbers, threat actors could have used it in additional attacks, such as phishing, to gain access to 2-factor authentication codes sent via text message.
After learning of the attack, USCellular isolated the infected computer and reset the employee’s passwords.
The company also reset impacted customers’ and authorized contact’s PIN and security questions/answers, which can be setup again by contacting USCellular.
Affected customers should be on the lookout for targeted phishing scams utilizing information stolen from the CRM.
BleepingComputer has contacted USCellular with questions about the breach and how the employees were scammed but have not heard back.
Comments