USCellular Notifies Customers of Data Breach after Employees Unknowingly Download Malware

USCellular, a Chicago-based mobile network operator, has revealed a data breach incident affecting an undisclosed number of customers. The company believes the incident occurred on January 4, 2021, after threat actors managed to trick employees into accessing and downloading malicious software on some retail-store computers.

Two days later, the breach was discovered, prompting the company to reset employee passwords and remove the compromised systems from its computer network.

“On January 6, 2021, we detected a data security incident in which unauth0rized individuals may have gained access to your wireless customer account and wireless phone number,” the notification reads. “A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”

Since the employee was already logged in to the computer retail management (CRM) system, the threat actor could access the store computer and customer-facing systems.

The attack exposed customer account details including name, address, cell phone number, PIN, service plan, and billing and usage statements.

“Your customer account was impacted in this incident,” the company said. “Information in your customer account includes your name, address, PIN code, and cellular telephone numbers(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information (‘CPNI’).”

USCellular says no Social Security numbers or financial information were stolen since this information “is masked within the CRM system.”

“At this time, we have no indication that there has been unauthorized access to your UScellular online user account (“My Account”),” the telecom explained.

The data breach letter states that all authorized contacts’ PIN numberss, security questions and answers have been reset to prevent fraud on customer accounts.

Users are urged to watch out phishing attempts and report suspicious correspondence by calling the customer service number.

Stop guessing what the internet knows about you. Find out with Bitdefender’s Digital Identity Protection!