USCellular Data Breach Incident
USCellular is serving nearly 5 million customers across 23 states, making it the fourth-largest wireless mobile network provider in the US. The company has revealed a data breach incident in its filing with the Vermont attorney general’s office today. In a notification, it mentioned that employees of one of its retail stores were successfully scammed to download software by the adversary and access their systems. And since the employees were logged into their CRM software, the adversary has gained unauthorized access into that part too. USCellular said the breach may have occurred on January 4th and detected two days later. It didn’t mention how many customers were affected by this incident, and by what means the employees were hacked. A general method would be through phishing emails, where the target is tricked into downloading the malicious software. The USCellular notification mentioned the accessed data includes the “customers’ name, address, PIN, cellular telephone numbers(s) and the wireless services including their service plan, usage and billing statements known as Customer Proprietary Network Information (“CPNI”).” It assured that neither the social security numbers nor the credit card data were accessed since they’re masked in the CRM. USCellular has immediately reset the affected employees’ credentials, and also the customers authorized contact’s PIN and security questions/answers for security. Such customers can set up them again by contacting the USCellular.