Summary
- The Washington state attorney general is suing T-Mobile over a 2021 data breach that exposed the data of 79 million people.
- The lawsuit alleges T-Mobile knew of the vulnerabilities and didn’t act on them, and then didn’t do enough to warn customers.
- The lawsuit demands T-Mobile compensate two million Washington customers who were affected, and modernize its security practices.
It was a hectic summer in 2021, with the COVID-19 pandemic still hanging around, political divisions still festering, and an economy stuck in neutral. That was when a security firm notified T-Mobile it had been hacked and the data of tens of millions of its customers stolen. The company blasted out a vague SMS to all of its mobile customers informing them they may be impacted. The Washington state government doesn’t think that was enough, and today filed suit against the company.
The lawsuit, filed by Washington state attorney general (AG) Bob Ferguson, accuses T-Mobile of ignoring vulnerabilities that had been known to the company for years (via The Verge). The lawsuit alleges T-Mobile’s lack of action allowed the breach to continue undetected for months, only coming to light in August 2021, after 79 million customers were impacted, including two million Washington residents.
T-Mobile has a strained history with WA authorities
T-Mobile is no stranger to the Washington State attorney general’s office. The carrier was sued by AG Bob Ferguson in 2013 over false advertising. The resulting decision forced T-Mobile to be clearer on disclosures about their wireless plans. The company was also fined $15.75 million by the FCC in 2023 over a different cybersecurity failure, and recently settled a $350 million class action lawsuit.
Ferguson’s recent filing highlights that T-Mobile’s customer notifications omitted key details of the breach, downplaying the severity of the situation. The company reportedly focused on reassuring customers that credit card data was not part of the breach, while neglecting to mention that other sensitive information was exposed. The lawsuit also criticizes T-Mobile for using weak passwords and failing to meet modern cybersecurity protocols. Ferguson’s office argues the data theft was preventable had T-Mobile acted on these vulnerabilities earlier.
The current lawsuit seeks compensation for affected customers and demands that T-Mobile improve its cybersecurity practices to align with industry standards. It all underscores how much data tech giants and telecom companies have control over, and how data breaches are becoming more frequent and severe.
Related
8 essential Android 15 security features you should set up immediately
Stay safe in a digital world: Android 15’s got your back
