Cyber Incident Victim: United States Cellular Corporation
Date: Dec 2021
Location: United States of America
Summary
UScellular experienced a data breach when unauthorized actors compromised its billing system, accessing customer accounts containing personal information such as names, addresses, PIN codes, phone numbers, service plans, and billing details. The attackers exploited this access to fraudulently port customer numbers, potentially aiming to intercept two-factor authentication codes. Sensitive data like Social Security numbers and credit card information remained masked within the CRM system and were not confirmed as exposed. The incident impacted 405 individuals, with the carrier resetting employee credentials and affected customers' security questions as mitigation. This marked the company's second security event within the same year following a prior breach involving CRM software access.
Description
UScellular detected unauthorized access to its billing system on December 13, 2021, prompting an investigation that revealed sustained activity through December 19, 2021. Attackers compromised the carrier's customer relationship management (CRM) system, gaining visibility into wireless customer accounts containing personal information including names, addresses, PIN codes, phone numbers, service plans, usage details, and billing statements. The threat actors leveraged stolen data to fraudulently port customer phone numbers, a technique commonly used to intercept two-factor authentication codes for account takeovers. Sensitive information such as Social Security numbers and credit card data remained protected through masking protocols within the CRM platform. The company confirmed no evidence of unauthorized access to customer online user accounts despite the billing system intrusion.

The carrier notified 405 affected individuals via breach disclosure letters in early January 2022. The incident was its second of the year, following a January 2021 CRM access breach. Response measures included forced resets of employee login credentials and security question updates for impacted customers. Forensic analysis determined the intrusion window spanned six days, though the disclosure didn't specify whether the porting attempts succeeded or quantify potential financial losses. UScellular emphasized continuous system monitoring while acknowledging persistent risks of attackers exploiting ported numbers for secondary account compromises across other platforms. The incident exposed operational vulnerabilities in billing infrastructure without compromising masked financial identifiers or online account credentials.
