After the business’s billing system was hacked in December 2021, UScellular, which claims to be the fourth-largest wireless carrier in the US, announced a data breach. The cellular carrier sent data breach notification letters to 405 impacted individuals. In letters, it was revealed that the attackers also transferred some of the affected customers’ numbers exploiting personal details stolen in the event.
“On December 13, 2021, UScellular detected a data security incident in ‘which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information,” the company explained.
“Unauthorized individuals attempted to leverage access to that information to fraudulently port numbers. Based on our investigation, we believe that the incident occurred on December 13-19, 2021.”
After breaking into the CRM system of UScellular, the attackers were able to examine customer account information, including phone numbers and addresses. The company said that name, address, PIN code, and cellular telephone number(s) are all stored in customer accounts. In addition to these, information regarding wireless services such as service plans, consumption, and billing statements is also available in those accounts.
Within the CRM system, sensitive personal information like Social Security numbers and credit card numbers is hidden. At present, there is no evidence of illegal access to your UScellular online user account.
While UScellular did not indicate whether any of its workers’ accounts were hacked, the business reset an unspecified number of retail store login staff credentials. Customers’ security questions, answers, and personal identification numbers (PIN) connected to their accounts were also reset by the mobile carrier.
Following the incident’s discovery, UScellular quickly disconnected the computer used by the unauthorized persons from the internet and asked that the fraudulent websites operated by fraudsters as part of the scam be removed from the internet, as per UScellular. Customers whose personal information is stolen from the company’s CRM systems should be on the watch for targeted phishing attacks.
This one is UScellular’s second data breach in 2021 after hackers gained access to the carrier’s CRM software in January of that year. Threat actors were able to successfully transfer certain UScellular customers’ numbers, just as they were able to do after the December hack, allowing them to obtain two-factor authentication tokens delivered via text messages and potentially control the victims’ online accounts.