USCellular Data Breach: Hackers Gained Access to Users' Personal Data, PIN Code, Billing Statements, and More

USCellular, the fourth largest mobile network operator in the United states has suffered data breach after attackers hacked its Customer Relationship Management (CRM) software and gained access to customer's accounts and phone numbers.

USCellular Data Breach: Hackers Gained Access to Users' Personal Data, PIN Code, Billing Statements, and More
Photo by Sora Shimazaki from Pexels

USCellular states in a data breach notice filed at the Vermont attorney general's office that a few employees in the retail store were tricked into installing a software into their computer.

According to Bleeping Computer, the software turns out to be a malware that allowed the hackers to access US Cellular's computer remotely. This means that through the activity of the employees on the infected computer, they also gained access to the company's CRM which allowed them to view the customer's accounts and phone numbers.

The data breach notification says "since the employee was already logged into the customer retail management ("CRM") system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee's credentials."

At this point, more investigation needs to be conducted as USCellular is still not certain about the source of the hacking. It is not clear whether it came through a phishing email or other tactics. There isn't any clear data yet how many customers were affected by this data breach.

Information gained by the USCellular CRM Hackers

The data breach notification specified thet types of information possibly gained by the hackers.

"As indicated above, your customer account was impacted in this incident. Information your customer account includes your name, address, PIN code, and cellular telephone numbers(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information ("CPNI")," the data breach notification reads.

USCellular notes that data such as personal information, PIN code, service plan, and billing statements might have been compromised due to the hacking incident. However, data such as social security number as well as credit card information are reportedly masked from the CRM and are thus inaccessible to the hackers.

US Cellular Takes Action After the Data Breach

Following the incident, USCellular got rid of the computers involved in the scam for further investigation. They also reset employee's passwords.

USCellular also reached out to affected customers that they have reset their authorized contact PIN and security questions to prevent further data access. Users who want their information reset as well can head over to the US Cellular office.

As SlashGear notes, this USCellular has been a victim of many instances of system hacking in the past. Customers and Employees alike should be on the lookout for unknown links, software, and attachments that could be possible sources for phishing scams to prevent some irreversible damage.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics