News
The data breach saw the personal details of 79 million T-Mobile customers compromised
The US state of Washington is suing T-Mobile over a massive data breach that affected millions of the state’s residents.
Back in 2021, T-Mobile revealed it had suffered an enormous data breach that saw the personal information of around 79 million of customers and potential customers stolen. Details compromised included customer names, dates of birth, Social Security numbers, and driver’s license information.
While T-Mobile quickly took action to address the security failing, the operator was nonetheless faced with string of related class action lawsuits. In 2022, T-Mobile subsequently agreed to pay out $350 million in compensation to affected customers, as well as pledging to invest $150 million into its cybersecurity infrastructure.
The operator would later be fined $31.5 million by the Federal Communications Commission for its failure to protect customer data during both this incident and other cyberattacks that took place between 2021 and 2023.
In this latest lawsuit, the state of Washington asserts that the data breach, which affected 2 million Washingtonians, could have been avoided.
“T-Mobile knew for years about certain cybersecurity vulnerabilities and did not do enough to address them,” read a statement announcing the lawsuit.
The case also alleges that T-Mobile “failed to properly notify affected Washingtonians of the data breach, downplaying its severity and sending notices to affected consumers that did not disclose all the information that had been compromised”.
“This significant data breach was entirely avoidable,” said Attorney General Bob Ferguson, who filed the case. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”
The scale and severity of cybersecurity threats to major telcos have been noticeably increasing alongside geopolitical tensions. Late last year, the US telecoms sector was subject to a major attack by Chinese hacker group ‘Salt Typhoon’, which attacked nine internet service providers in the US.
Senator Mark Warner, chairman of the U.S. Senate Select Committee on Intelligence, called the intrusion the “worst telecom hack in our nation’s history” and is urging telcos to drastically tighten their security.
How is the cyberthreat landscape changing in 2025? Join the operators in discussion at this year’s Connected America conference live in Dallas, Texas
Also in the news:
VEON and Starlink to launch Direct-to-Cell Satellite connectivity in Ukraine
Swisscom completes acquisition of Vodafone Italia
Equinix to buy BT’s Irish data centre business for €59m