Connect with us

Hi, what are you looking for?

Assets Under ControlAssets Under Control

Tech News

T-Mobile is once again being sued over its 2021 data breach

Illustration: Alex Castro / The Verge

Washington state is suing T-Mobile for allegedly failing to address cybersecurity vulnerabilities that enabled a hacker to expose the personal data of 79 million people nationwide. The consumer protection lawsuit filed by Washington Attorney General Bob Ferguson on Monday stems from a cyberattack that began in March 2021 and went unnoticed until T-Mobile disclosed the breach in August.

The filing asserts that T-Mobile failed to address certain security vulnerabilities that the company was aware of “for years,” and did not properly notify more than two million Washington residents who were impacted by the breach. The lawsuit accuses T-Mobile of downplaying the severity of the breach, which exposed the personal information of current, former, and prospective customers — including their names, phone numbers, physical addresses, dates of birth, Social Security numbers, and driver’s license / ID numbers.

The notifications that T-Mobile issued about the data breach violated the Consumer Protections Act by omitting key information that made it difficult for people to assess if they were at risk of identity theft or fraud, according to the filing. The lawsuit also says that T-Mobile “did not meet industry standards for cybersecurity” for years prior to the hack, and used “obvious passwords” to protect accounts that could access consumer information.

“This significant data breach was entirely avoidable,” Ferguson said in a statement. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”

This isn’t the first time that Washington state has taken action against T-Mobile, with Ferguson having successfully persuaded the company to make clear the limitations of its “no-contract” wireless service plan back in 2013.

Ferguson’s latest lawsuit is seeking compensation for customers impacted by the 2021 breach and a court order that would force T-Mobile to bring its cybersecurity practices in line with industry standards, alongside improving transparency and communication around future data breaches. This follows T-Mobile paying $350 million in 2022 to settle a class-action lawsuit stemming from the 2021 hack, and a further $15.75 million fine last year over an FCC investigation into its repeated cybersecurity incidents.

You May Also Like

Tech News

Image: May Mobility May Mobility, an autonomous vehicle operator that mainly focuses on long-term transportation contracts, is expanding its fleet of vehicles to include...

Politics

President-elect Donald Trump is keeping up his push to make Canada the United States’ 51st state. ‘Canada and the United States. That would really...

Politics

House Republicans on Thursday introduced a bill for the United States to repurchase the Panama Canal after President-elect Trump raised concerns that the critical...

Tech News

Photo by Vjeran Pavic / The Verge We might be skeptical of some Nvidia’s claims, like whether a $549 RTX 5070 will truly deliver...

Generated by Feedzy