U.S. Cellular, the fourth-largest wireless carrier in America, has suffered a data breach. Hackers reportedly gained access to protected systems by installing malware on a computer at a U.S. Cellular retail store.
According to the breach notification filed with the Office of the Vermont Attorney General the attack began on the 4th of January. Hackers targeted a handful of U.S. Cellular store employees who had access to its customer relationship management (or CRM) software.
The notification doesn’t offer a lot of specifics about the attack itself. It notes only that those employees fell victim to a scam of some sort.
In incidents like this one, hackers will often contact employees and pretend to be IT support staff or outside contractors providing technology services. If they’re convincing enough, the victims are all too willing to grant remote access.
Once connected the attacker can implant malware that sets up the next phase of the attack. Since the U.S. Cellular staff were logged in to its CRM software at the time of the attack, the hackers immediately went to work collecting customer data.
Their activity was detected on January 6th — just two short days later. Unfortunately some U.S. Cellular customers had already been impacted.
The hackers were able to access customer names and addresses, cellular phone numbers, plan information and access PINs used when making changes to service. In some cases the attackers used that information to port customers’ phone numbers to other cellular carriers.
This can be very bad news for consumers. A ported phone number can allow a hacker to break into sensitive accounts if they’re protected by SMS-based two-factor authentication.
Porting can provide fodder for blackmail schemes and access to private photos and other data. A stolen phone number also gives a cybercriminal a convincing starting point for launching further attacks against a victim’s close contacts.
Also Read: Story about how bad software helped slow coronavirus vaccine distribution
Impact of the attack was limited because the infected computer was quickly isolated before further harm could be done. U.S. Cellular has reset the affected customer PINs, security questions and passwords. Those customers have been contacted by the company in order to re-secure their accounts.