The Target: United States Cellular Corporation, a wireless carrier.
The Take: Personally Identifiable information including: names, addresses, PIN codes, phone numbers, information on wireless usage and billing statements.
The Vector: The threat actors contacted employees of U.S Cellular and tricked them into downloading and installing malicious software and as the employees were logged on with legitimate credentials, the dangerous software was able to be installed. This malware let the attackers further access customer accounts remotely to port the victim’s phone numbers to a different carrier.
This breach highlights the ongoing and ever-present threat that social engineering poses to firms. Regular training and policy review can help firms ensure their employees are employing a slow and measured approach whenever access, or installation of software, is made – especially when the request is initiated from outside the firm.