A data breach targeting mobile network carrier USCellular was reported to have occurred on Jan. 4, in which hackers were able to access the company’s customer relationship management system and view customer information, according to BleepingComputer. In its data breach notification filing with the attorney general's office of Vermont, USCellular reported that the attackers successfully tricked store employees into downloading software onto a computer, which allowed them to access the device remotely. “Since the employee was already logged into the customer retail management ("CRM") system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee's credentials,” the company stated. The notification did not specify the number of customers affected by the breach or what method the attackers used to scam the employees, but stated that the compromised information included customers’ “name, address, PIN code, and cellular telephone numbers(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information ("CPNI").” The company said customers’ credit card information and social security numbers were masked in the CRM and thus were not accessed.
Change Healthcare attack linked to state-backed threat actors Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was noted by its parent firm UnitedHealth Group to have been targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, TechCrunch reports.