T-Mobile settles to pay $350M to customers in data breach
Following the data breach T- Mobile has agreed to pay $350 million to customers affected by a class action lawsuit filed after the company disclosed last August that personal data like social security numbers had been stolen in a data breach cyberattack which impacted around 80 million US residents.
Following the data breach T-Mobile would also commit to an aggregate incremental spend of $150 million for data security and related technology in 2022 and 2023. The filing in the US District Court for the Western District of Missouri states that the payment to each customer can’t exceed $2,500.
In August 2021, a hacker claimed to have stolen 100 million of customers data from T-Mobile’s servers in this data breach. This included data like names, driver licenses, addresses, and social security numbers. Roughly 850,000 active prepaid accounts also had account Pin numbers exposed.
After the merger with Sprint in 2020, T-Mobile reported having a total of 102.1 million US customers. Despite the claims of the hackers who performed the data breach, initial estimates said some 55 million individuals were impacted. Later that number was raised to 80 million.
T-Mobile has agreed to pay $350 million to settle multiple class action suits stemming from the 2021 data breach. In a Securities and Exchange Commission filing, T-Mobile said the funds would pay for claims by class members, the legal fees of the plaintiffs’ counsel, and the costs of administering the settlement.
It also said it would spend $150 million next year to fortify its data security and other technologies.
T-Mobile said the settlement contains no admission of liability, wrongdoing or responsibility.
T-Mobile pledged to improve its security program by:
- Creating a Cybersecurity Transformation Office that reports directly to the CEO, as well as adding more top talent with decades of cyber strategy experience and leadership to the team.
- Engaging in long-term collaborations with industry experts to design strategies and execute plans to further transform the cybersecurity program.
- Committing to invest hundreds of millions of dollars to enhance its current cybersecurity tools and capabilities.
- Conducting nearly 900,000 training courses for employees and partners across the company to understand their critical role in keeping safe.
Data breaches are one of the most reported cyberattacks against businesses regardless of size and industry. Nowadays, many ransomware attacks are accompanied with data exfiltration and leaks if the victim refuses to pay the ransom.
For many, a data breach is proof that companies are not doing what they’re supposed to with their customers business data, and that is to primarily secure it at all cost. Others will argue that a data breach is not a matter of “if it happens” but “when it happens.” This, however, doesn’t take away from the effort that must be put in to prevent data breaches, nor does it lessen the impact it has on affected customers.
Another good strategy is to have a clear vision of what data you really need from your customers and how long you want to keep hold of that data. One of the arguments against T-Mobile at the time was that a large part of the stolen data in the data breach belonged to former and prospective customers.