UScellular data breach: attackers ported customer phone numbers

US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported.

US wireless carrier UScellular discloses a data breach that exposed personal information of its customers.

United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 markets in 23 states as of the second quarter of 2020.

The company detected the security breach on January 6, 2021, and determined that the intrusion took place early this year, on January 4th, 2021.

Then threat actors tricked UScellular employees working in retail stores into downloading and installing malicious software.

The malware allowed the attackers to access the CRM using the employee’s accounts and then access personal information, including phone numbers, of the company customers.

“On January 6, 2021, we detected a data security incident in which unauth0rized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.” reads the USCellular data breach notification.

“Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials.”

The attackers accessed the customer accounts and ported their wireless number to another carrier.

UScellular reported the incident to law enforcement as well as certain state agencies.

Exposed customer details include names, addresses, PIN codes, phone numbers, and information on wireless services, usage, and billing statements (CPNI). The company added that even if the social security numbers and payment card information are present in the CRM, they likely haven’t been exposed because they are “masked”

The news was confirmed in a data breach notification that was initially published by the US mobile carrier on its website, but at the time of this writing is no more available.

“On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number.” reads the notice. “After accessing your account, a wireless number on your account was ported to another carrier by the unauthorized individuals.” – USCellular

In response to the incident, the company removed the malicious software from the computers at the retail store and reset passwords for the impacted employees. UScellular also changed users’ and user Authorized Contacts’ PIN and security question/answer.

“We also have worked with those who had a number ported to provide a new temporary number while working to retrieve the fraudulently ported number or provide a new number at the customer’s choice. When a number is ported, the unauthorized individuals do not obtain access to information contained on the customer’s mobile device such as contacts or applications,” the company added. “Nevertheless, we advised these customers to be diligent about monitoring and reviewing their online accounts and financial statements for unauthorized access and transactions and recommend changing the usernames and passwords of online accounts.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]