Security News > 2021 > January > UScellular Breach Allowed Hackers to Port Customer Phone Numbers
Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a cybersecurity breach.
Since employees were already logged into the CRM system, the attackers were able to access the CRM with the employee credentials and access wireless customer accounts and phone numbers.
"After accessing your account, a wireless number on your account was ported to another carrier by the unauthorized individuals," the company told customers in a data breach notice posted on its website.
UScellular said the attackers may have gained access to names, addresses, PIN codes, phone numbers, and information on wireless services, usage, and billing statements.
It's unclear why the attackers ported phone numbers, but taking control of someone's phone number can be highly useful to cybercriminals in some cases, particularly if they want to access an account protected with SMS-based two-factor authentication.
UPDATE: UScellular told SecurityWeek that only a "Small number" of customer accounts were impacted by the incident.
News URL
Related news
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Finland confirms APT31 hackers behind 2021 parliament breach (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Hacker claims Giant Tiger data breach, leaks 2.8M records online (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)