Security News > 2021 > January > USCellular hit by a data breach after hackers access CRM software

Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts.

In a data breach notification filed with the Vermont attorney general's office, USCellular states that retail store's employees were scammed into downloading software onto a computer.

This software allowed an attacker to access the computer remotely, and as the employee was logged into the customer relationship management, they gained access to that as well.

"On January 6, 2021, we detected a data security incident in which unauth0rized individuals may have gained access to your wireless customer account and wireless phne number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer."

"Since the employee was already logged into the customer retail management system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee's credentials," states the USCellular data breach notification.

"As indicated above, your customer account was impacted in this incident. Information your customer account includes your name, address, PIN c0de, and cellular telephone numbers(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information," the data breach notification continues.

News URL

https://www.bleepingcomputer.com/news/security/uscellular-hit-by-a-data-breach-after-hackers-access-crm-software/