USCellular has reported that it got hit by a data breach after retail employees were duped into downloading software on to a store computer. The program gave remote access to the computer — and to a customer relationship management (CRM) software — which hackers were able to access through the breach, and from there see the names, addresses, billing information and more details of existing USCellular customers.
The breach occurred on January 4, 2021, believes USCellular — although the company first noticed the breach on January 6, according to Bleeping Computer, and according to the notice filed with Office of the Vermont Attorney General on January 21, 2021.
PIN numbers and security questions and answers were changed by USCellularGetty Images/iStock
Details that include Social Security numbers and credit card details were apparently masked by the CRM system and not seen by the attackers, the company said.
Data breaches were reportedly down in 2020 according to a new report from the Identity Theft Resources Center. But that doesn't mean attacks can't happen — and customer data affected, as in the case here with USCellular.
To take steps to further protect customers, USCellular said that the company not only removed the affected computer from the retail store, but also made sure it was prevented from getting on the internet. Plus, the company reset all employees credentials in that store.
As for customers, though, their own login details have been changed as well including their PIN number and any security question and answer they had set up. People are being asked to contact USCellular to set up new details for their accounts.