T-Mobile faces legal action for its handling of the 2021 data breach, including accusations of inadequate security measures and misleading customer notifications.
 |
| Washington State sues T-Mobile, alleging the company ignored years of warnings about security vulnerabilities, leading to the 2021 data breach that exposed millions of customers' personal information. Image: T-Mobile |
Washington, USA - January 8, 2025:
Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile, alleging the telecommunications giant failed to address known security vulnerabilities that ultimately led to the massive 2021 data breach affecting over 79 million individuals.
The lawsuit claims T-Mobile was aware of critical security flaws within its systems for years but neglected to implement necessary safeguards. This negligence, according to the lawsuit, allowed a hacker to infiltrate T-Mobile's systems undetected for months, from March to August 2021.
Furthermore, the lawsuit criticizes T-Mobile's communication with affected customers as inadequate and misleading. Text messages sent to customers downplayed the severity of the breach, failing to disclose the full extent of compromised information, including Social Security numbers and other personally identifiable data.
This is not the first time T-Mobile has faced legal action for its data security practices. In 2011, AG Ferguson sued the company over deceptive advertising. Additionally, T-Mobile has been a target of recent cyberattacks, including the 2024 "Salt Typhoon" campaign, though the company claims its systems were minimally impacted.
The 2021 breach, which exposed sensitive information of two million Washington residents, has also drawn scrutiny for T-Mobile's alleged decision to hire a third party to purchase exclusive access to the data leaked on the dark web.
This latest lawsuit underscores the growing concern over data security breaches and the importance of companies taking proactive measures to protect consumer information.