T-Mobile will pay $500 million for one of the biggest data breaches in US history
T-Mobile will pay $500 million for one of the biggest data breaches in US history
Expand
upungato | Editorial iStock/Getty Images Plus
When T-Mobile compromised the sensitive personal information of more than 76 million current, former and potential customers in 2021, plaintiffs involved in a class action lawsuit complained the company continued to profit of their data while trying to cover up "one of the largest and most significant data breaches in US history".
Now, T-Mobile has not admitted any guilt but has agreed to pay a $500 million settlement (pending a judge's approval), of which $350 million will go to the settlement fund and " at least $150 million" will go to improving its data security measures through 2023.
T-Mobile declined to inform Ars of any specific upcoming plans to improve data security, but instead linked to a statement outlining steps it has taken to "double down" on security over the course of the last year. This includes creating a Cybersecurity Transformation Office that reports directly to T-Mobile CEO Mike Sievert; collaborating with cybersecurity companies to "further transform our cybersecurity program"; intensify employee cybersecurity training; and investing "hundreds of millions of dollars to improve our current cybersecurity tools and capabilities".
All T-Mobile customer payments from the proposed settlement will be disbursed through an independent third-party settlement administrator. The agreement provides that T-Mobile will have 10 days to send funds to the settlement administrator to initiate the notification process to all those who have been deemed eligible to file claims.
At this time, no one knows exactly how much the individual payments will be, as that figure will depend on the total number of complaints filed if the settlement is reached. T-Mobile says everyone whose data was compromised has already been notified, while attorneys representing those suing T-Mobile said it's still possible other victims could be identified. At least one law firm has created an email address to answer questions from anyone concerned about missing out on the proposed settlement. In the proposed settlement agreement, T-Mobile also said a toll-free number and website would be set up to answer any remaining questions.
In its statement, T-Mobile says it is "pleased to have resolved this class action lawsuit".
For T-Mobile customers hurt by the data breach, however, the pain shouldn't really end. In their complaint, customers say they will continue to pay for T-Mobile's poor security choices. They see their data as forever compromised and say they will have to pay for continued identity theft protection in the future, with the "certain, imminent and continuing threat of fraud and identity theft" looming large. profile always.
T-Mobile's Data Security Missteps
A lot of things went wrong to make T-Mobile's data breach happen, but plaintiffs say the company violated the terms of its own privacy policy by not properly disclosing information about the breach or putting in place appropriate safeguards to reasonably protect the data in the first place.
Perhaps the simplest example of T-Mobile not properly disclosing breach information was in its apparent cover-up of hacked accounts where Social Security numbers were leaked. In the complaint, customers shared text and email notifications sent by T-Mobile that generalized the data leak and failed to warn that a customer's Social Security number had been leaked while he was; but when it wasn't, T-Mobile sent out different notifications that specifically reassured customers that Social Security numbers hadn't been disclosed. The contradiction suggests that T-Mobile deliberately concealed details of the data breach from those most vulnerable to identity theft.
Perhaps the most egregious of the allegations that T-Mobile failed to take basic steps to properly protect data was a complaint that the company did not rely on an industry standard. industry...
Expand
upungato | Editorial iStock/Getty Images Plus
When T-Mobile compromised the sensitive personal information of more than 76 million current, former and potential customers in 2021, plaintiffs involved in a class action lawsuit complained the company continued to profit of their data while trying to cover up "one of the largest and most significant data breaches in US history".
Now, T-Mobile has not admitted any guilt but has agreed to pay a $500 million settlement (pending a judge's approval), of which $350 million will go to the settlement fund and " at least $150 million" will go to improving its data security measures through 2023.
T-Mobile declined to inform Ars of any specific upcoming plans to improve data security, but instead linked to a statement outlining steps it has taken to "double down" on security over the course of the last year. This includes creating a Cybersecurity Transformation Office that reports directly to T-Mobile CEO Mike Sievert; collaborating with cybersecurity companies to "further transform our cybersecurity program"; intensify employee cybersecurity training; and investing "hundreds of millions of dollars to improve our current cybersecurity tools and capabilities".
All T-Mobile customer payments from the proposed settlement will be disbursed through an independent third-party settlement administrator. The agreement provides that T-Mobile will have 10 days to send funds to the settlement administrator to initiate the notification process to all those who have been deemed eligible to file claims.
At this time, no one knows exactly how much the individual payments will be, as that figure will depend on the total number of complaints filed if the settlement is reached. T-Mobile says everyone whose data was compromised has already been notified, while attorneys representing those suing T-Mobile said it's still possible other victims could be identified. At least one law firm has created an email address to answer questions from anyone concerned about missing out on the proposed settlement. In the proposed settlement agreement, T-Mobile also said a toll-free number and website would be set up to answer any remaining questions.
In its statement, T-Mobile says it is "pleased to have resolved this class action lawsuit".
For T-Mobile customers hurt by the data breach, however, the pain shouldn't really end. In their complaint, customers say they will continue to pay for T-Mobile's poor security choices. They see their data as forever compromised and say they will have to pay for continued identity theft protection in the future, with the "certain, imminent and continuing threat of fraud and identity theft" looming large. profile always.
T-Mobile's Data Security Missteps
A lot of things went wrong to make T-Mobile's data breach happen, but plaintiffs say the company violated the terms of its own privacy policy by not properly disclosing information about the breach or putting in place appropriate safeguards to reasonably protect the data in the first place.
Perhaps the simplest example of T-Mobile not properly disclosing breach information was in its apparent cover-up of hacked accounts where Social Security numbers were leaked. In the complaint, customers shared text and email notifications sent by T-Mobile that generalized the data leak and failed to warn that a customer's Social Security number had been leaked while he was; but when it wasn't, T-Mobile sent out different notifications that specifically reassured customers that Social Security numbers hadn't been disclosed. The contradiction suggests that T-Mobile deliberately concealed details of the data breach from those most vulnerable to identity theft.
Perhaps the most egregious of the allegations that T-Mobile failed to take basic steps to properly protect data was a complaint that the company did not rely on an industry standard. industry...
Expand
upungato | Editorial iStock/Getty Images Plus
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
