Cyber Incident Victim: United States Cellular Corporation
Date: Jan 2021
Location: United States of America
Summary
USCellular experienced a data breach when attackers compromised its customer relationship management system after deceiving retail employees into installing malicious software, enabling remote access to a logged-in workstation. This unauthorized access permitted the hackers to view customer account information, exposing sensitive data; no further details were given on the specific scope or types of impacted records. The incident stemmed from a social engineering tactic targeting staff credentials to infiltrate the company's internal systems.
Description
In late January 2021, USCellular experienced a data breach stemming from unauthorized access to its customer relationship management (CRM) system. Attackers compromised the telecommunications provider by deceiving retail store employees into installing malicious software on a company computer. The breach occurred when staff members, targeted through a scam, downloaded and executed the threat actor’s software, enabling remote access to the compromised workstation. Since the employee was actively logged into the CRM platform at the time of the intrusion, the attackers gained entry to the system containing customer account information. USCellular confirmed the incident in a data breach notification submitted to the Vermont Attorney General’s office, though the filing did not disclose the number of affected customers or specific timeframes for the unauthorized access. The attackers exploited the CRM’s functionality to view customer accounts, but the notification did not specify whether data was exfiltrated or merely accessed.

The breach exposed customer account information accessible through the compromised CRM software, though USCellular’s notification did not enumerate the exact data elements involved. Following discovery of the incident, the company initiated standard breach response protocols, including regulatory notifications to state authorities. No public statements detailed containment measures such as disabling compromised accounts, forensic investigation methodologies, or system security enhancements implemented post-breach. Similarly, USCellular did not disclose whether law enforcement was engaged or whether impacted customers received identity protection services. The incident highlighted risks associated with social engineering attacks targeting employee workstations with access to critical business systems. BleepingComputer’s reporting indicated the breach stemmed from localized endpoint compromise rather than a network-wide intrusion, though USCellular did not confirm the attack’s technical scope beyond the CRM access facilitated by the rogue software installation.
