T-Mobile Sued Over Massive Data Breach That Leaked Sensitive Info on 79,000,000 Americans
A new lawsuit targets T-Mobile for allegedly failing to fix longstanding cybersecurity issues that led to a massive data breach involving the personal data of millions of Americans.
The Office of the Attorney General for Washington State accuses T-Mobile of violating the state’s Consumer Protection Act by deceiving customers about its ability to protect their data even though the firm knew for years that its cybersecurity systems did not meet industry standards.
Attorney General Bob Ferguson also alleges that T-Mobile understated the impact of the data breach by neglecting to mention all the information that had been stolen when it sent notices to customers affected by the exploit.
“This significant data breach was entirely avoidable. T-Mobile had years to fix key vulnerabilities in its cybersecurity systems – and it failed.”
Ferguson says that in August of 2021, T-Mobile became aware of a cybersecurity incident that compromised the data of over 79 million Americans including their phone numbers, names, addresses, driver’s license records along with other personal information. The attorney general also says the hack siphoned the data of 2,025,634 Washington residents, including 183,406 customers who had their Social Security numbers exposed.
According to court documents, T-Mobile was in the dark about the hack for many months until it received a tip that its customers’ data were being sold on the dark web.
Says the press release,
“The data breach began in March 2021 and continued until August 12, 2021. Due to a lack of adequate security monitoring, according to the lawsuit, T-Mobile was unaware of the breach until an anonymous outside source notified the company that its customers’ data was posted for sale on the dark web.”
Ferguson says before the 2021 hack, T-Mobile had witnessed “numerous cyberattacks” and knew it would continue to be a target as early as 2020 based on a U.S. Securities and Exchange (SEC) filing. However, he alleges that the firm did not do anything to address gaps in its systems while reassuring customers on its website that their data was safe by stating: “We’ve got your back. We’re always working to protect you and your family and keep your data secure.”
The attorney general also alleges that T-Mobile used easy-to-guess passwords, making it simple for thieves to access the firm’s customer records.
“The 2021 breach was enabled, in part, when the hacker guessed obvious credentials to gain access to T-Mobile’s internal databases.”
Additionally, Ferguson accuses T-Mobile of misleading customers about the severity of the breach as the firm removed “critical and legally required information” when it issued notices via text messages.
“Current customers whose Social Security numbers were exposed did not receive any information regarding that exposure.”
The attorney general is asking the court to impose civil penalties on T-Mobile while seeking restitution for Washington residents affected by the hack. He is also seeking injunctive relief to force the firm to revamp its cybersecurity systems and be more transparent when communicating with customers.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxCheck Price Action
Follow us on X , Facebook and Telegram
Surf The Daily Hodl Mix
Generated Image: Midjourney
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Biden signs executive order to accelerate next-generation AI infrastructure
BTC falls below $96,000
ETH falls below $3,200
JPMorgan Chase's U.S. Treasury bond client long position hits highest level since 2023