T-Mobile Settlement Shows Companies’ Vulnerability to Data Breaches
T-Mobile, the nation’s second largest wireless carrier, has agreed to pay $350 million to settle multiple class action lawsuits stemming from a massive 2021 data breach that exposed the personal information of around 76 million customers, including more than 68,000 in West Virginia. It is the second largest data breach settlement in history, trailing only Equifax’s $900 million settlement in 2019. What’s more, it is a striking example of how even the largest companies are not immune to large-scale hacking of customer data.
T-Mobile reported in August 2021 that the cyberattack had led to the theft of millions of people’s personal information, including names, addresses, birth dates, Social Security numbers, driver’s license details and codes identifying individual phones. Eventually, a 21-year-old hacker named John Binns took responsibility for the attack. He told the Wall Street Journal that “[T-Mobile’s] security is awful” and he hadn’t expected to so easily gain access to such a huge amount of information.
A federal judge in Missouri approved the settlement in July. Customers will be able to make claims of up to $25,000 for out-of-pocket losses resulting from the breach. Affected customers will also receive two years of free identity theft protection and access to fraud specialists. T-Mobile has also agreed to increase its cybersecurity budget by $150 million within the next few years.
Most often, data breach cases are filed as class actions because numerous people are affected by the same breach. The T-Mobile settlement is actually a single settlement that covers 44 different class actions filed around the country.
Earlier this year, West Virginia Attorney General Patrick Morrisey warned residents to stay vigilant in protecting their identities and personal information, urging West Virginians to take these actions:
- Monitor bank accounts and credit card statements for unauthorized transactions
- Review credit reports and challenge anomalies
- Place a freeze on their credit reports to prevent identity thieves from opening new accounts
- Sign up for fraud alerts, which are usually free
The T-Mobile data breach case and others in recent years — Home Depot, Equifax, Fifth Third Bank and dozens of others — illustrate that companies can be made to answer for their lapses in data security. To establish liability, victims must prove the company was negligent in allowing the breach to occur. Importantly, a negligent company cannot hold itself harmless simply by showing that the breach was caused by a criminal third-party actor.
The Giatras Law Firm, PLLC has extensive experience investigating data breaches and seeking justice in behalf of people hurt by them. Our Charleston attorneys know how to manage complex class action litigation against major companies. To speak with a data breach lawyer, please call 888-819-1281 or contact us online at your convenience.