T-Mobile is once again under fire for its handling of the 2021 data breach that exposed the personal information of 79 million individuals across the U.S., including over two million Washington state residents. The Washington State Attorney General’s Office has filed a lawsuit, alleging that the telecommunications giant neglected to address long-standing cybersecurity vulnerabilities, allowing hackers to exploit weak defenses.
The lawsuit, led by Attorney General Bob Ferguson, claims T-Mobile failed to meet industry standards, used weak passwords, and mishandled post-breach communications, leaving consumers at risk of identity theft and fraud.
This legal action adds to T-Mobile’s mounting legal troubles, including a $350 million settlement for a related class-action suit and fines imposed by the FCC for repeated cybersecurity failures.
Why It Matters: T-Mobile’s data breach highlights the growing risks of inadequate cybersecurity in the telecommunications industry. With millions of customers entrusting sensitive information to major corporations, these incidents raise critical questions about data protection, regulatory compliance, and corporate accountability.
- Washington Attorney General’s Claims: The lawsuit alleges that T-Mobile ignored known vulnerabilities for years, enabling hackers to access sensitive data, including Social Security numbers, driver’s license details, and other personal information of over two million state residents.
- Inadequate Response to Breach: The company is accused of misleading customers about the severity of the breach and failing to notify some victims that critical data, such as SSNs, had been compromised. Text message notifications omitted key details, hindering consumers’ ability to assess the risk.
- Previous Settlements and Fines: T-Mobile has already faced financial penalties, including a $350 million class-action settlement in 2022 and a $15.75 million FCC fine in 2023, for its cybersecurity failings tied to this and other breaches.
- Demands for Reform: Attorney General Ferguson seeks compensation for affected customers and a court mandate requiring T-Mobile to improve its cybersecurity practices and enhance transparency in future incidents.
T-Mobile is once again being sued over its 2021 data breach – The Verge