Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

UScellular discloses the second data breach in a year

UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over […]

UScellular

UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021.

UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 markets in 23 states as of the second quarter of 2020.

According to the company, it discovered unauthorized access to its billing system on December 12, 2021, that resulted in the exposure of data associated with wireless customer accounts.

“On December 13, 2021, UScellular detected a data security incident in ‘which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information. Unauthorized individuals attempted to leverage access to that information to fraudulently port numbers. Based on our investigation, we believe that the incident occurred on December 13-19, 2021.” reads the data breach notification letter. “Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements. Sensitive personal information, such as Social Security number and credit card information, is masked ‘within the CRM system.”

The attackers attempted to use this information to fraudulently port numbers.

UScellular revealed that 405 customers were impacted by this attack, the company reset login credentials for every affected impacted and immediately changed the impacted customers’ PIN and security question/answer.

In response to the incident, the company also immediately disconnected the computer accessed by threat actors from the internet and requested immediate removal from the internet of the fraudulent websites used by the fraudsters as part of the scheme.

The company recommends impacted individuals to remain vigilant and contact UScellular in case they will receive suspicious communications that appears from the US carrier.

On January 2021, the US wireless disclosed another data breach that exposed personal information of its customers.

The company detected the security breach on January 6, 2021, and determined that the intrusion took place early this year, on January 4th, 2021. Then threat actors tricked UScellular employees working in retail stores into downloading and installing malicious software. The malware allowed the attackers to access the CRM using the employee’s accounts and then access personal information, including phone numbers, of the company customers.

The attackers accessed the customer accounts and ported their wireless number to another carrier.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]