Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts.
In a data breach notification filed with the Vermont attorney general's office, USCellular states that retail store's employees were scammed into downloading software onto a computer.
This software allowed an attacker to access the computer remotely, and as the employee was logged into the customer relationship management (CRM), they gained access to that as well.
"On January 6, 2021, we detected a data security incident in which unauth0rized individuals may have gained access to your wireless customer account and wireless phne number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer."
"Since the employee was already logged into the customer retail management ("CRM") system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee's credentials," states the
USCellular data breach notification.
