The state of Washington has initiated legal proceedings against T-Mobile over a significant data breach from 2021 that impacted millions of its residents. This breach exposed personal details of about 79 million individuals. Compromised information included names, birth dates, Social Security numbers, and driver’s licenses.
Despite T-Mobile’s swift response to rectify the breach, they faced multiple class action lawsuits. By 2022, T-Mobile consented to a $350 million settlement for affected clients and committed $150 million towards enhancing its cybersecurity framework.
The Federal Communications Commission subsequently fined the operator $31.5 million for data protection lapses during this and other cyber incidents from 2021 to 2023. The lawsuit by Washington argues the breach, impacting 2 million within the state, was avoidable.
A statement from Washington’s authorities argued, “T-Mobile knew for years about certain cybersecurity vulnerabilities and did not do enough to address them.” Furthermore, the lawsuit claims T-Mobile mismanaged the breach notification process, understating its severity and failing to provide comprehensive details about the exposed data.
Attorney General Bob Ferguson emphasized, “This significant data breach was entirely avoidable. T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.” This situation underscores the escalating nature of cybersecurity threats, especially amid rising geopolitical tensions.
