T-Mobile has agreed to a $350 million settlement over its massive 2021 data breach

T-Mobile has agreed to pay $500 million to settle a class-action lawsuit stemming from the 2021 hack that it says exposed about 76.6 million US residents’ data. Under the proposed agreement implemented Friday, which you can read in full below, T-Mobile will put $350 million into a settlement fund to go to attorneys, fees and, of course, people filing claims. It will also be obligated to spend $150 million on “data security and related technology” during 2022 and 2023, in addition to what it had already budgeted for.

In August, the company announced that its systems had been hacked, after reports that the Social Security numbers, names, addresses and driver’s license information of more than 100 million of its customers were up for sale. While the number proved to be a bit inflated, T-Mobile’s number of people affected continued to rise through the rest of the month. The T-Mobile CEO called this security breach – the fifth in four years – “shameful.”

The proposed settlement agreement still has to be approved by a judge, but if it does, T-Mobile will have 10 days to put money in the fund to cover the costs of notifying those eligible for the claim. According to the settlement, that covers “the approximately 76.6 million US residents identified by T-Mobile whose information was compromised in the data breach,” with some caveats to some carrier employees and people close to the judges who presided over the case. In full interest disclosureWell, that could well mean that I am eligible to apply for compensation, as I was a T-Mobile customer when the hack happened.

The settlement agreement does not contain estimates of how much each claimant can expect to receive, although it is difficult to estimate this type of thing until it is clear how many people will make claims.

The lawsuit that T-Mobile hopes to settle here accused the company of failing to protect the data of its past, current and potential customers, failing to properly notify people who might be affected, and generally having “inadequate data security.” T-Mobile denies the allegations in the agreement, saying the settlement does not constitute an admission of guilt. In a filing with the Securities and Exchange Commission, the carrier says it “has the right to terminate the agreement under certain conditions” set forth in the proposed agreement, but says it expects to have to pay claims.

Outside of this lawsuit, there have been other responses to the T-Mobile data breach and other similar matters. The Federal Communications Commission (FCC) has proposed new rules surrounding such attacks, which are meant to improve how the company communicates with people about their data.

Leave a Reply

%d bloggers like this: