The new year has brought more trouble for T-Mobile, as its 2021 security breach has landed the U.S. carrier in additional legal troubles, thanks to the latest lawsuit filed against the company. This time, Washington state is suing T-Mobile for failing to address the security vulnerabilities that enabled a hacker to expose the data of a whopping 79 million people throughout the entire country. The company is also being taken to court because the latter made misleading assurances to the public that it would safeguard their data.
There have been five security breaches that T-Mobile has endured, and it is being taken to court for one of them
The Washington Attorney General, Bob Ferguson, has filed a consumer protection lawsuit against T-Mobile. The security breach happened in March 2021, but it took months for the carrier to disclose these details in August of that year. The details spotted by The Verge mention that the firm was fully aware of its security vulnerabilities for years, and it failed to inform consumers, which was the communications giant’s fiduciary obligation. The lawsuit also accuses T-Mobile of downplaying the severity of the breach, which ended up exposing the personal data of millions of subscribers.
In August 2021 (“August Breach”), T-Mobile failed to adequately secure the PII of over 2 million Washington consumers, including many social security numbers (SSNs). Prior to the August Breach, T-Mobile made misleading assurances to the public that it would properly safeguard customer data. However, despite its public statements, the August Breach was a direct result of T-Mobile’s lack of accountability. T-Mobile failed to adhere to internal cybersecurity policies as well as recognized industry standards.
T-Mobile also ignored its own internal reports that warned of the vulnerabilities that eventually led to and exacerbated the August Breach. T-Mobile’s failure to adequately implement cybersecurity measures and address known vulnerabilities, as well as its misleading assurances, violated the CPA. In addition to failing to secure consumer PII, T-Mobile also failed to provide adequate notice of the breach to certain affected WA consumers in violation of the CPA.
The breach notification to current T-Mobile customers left out critical information about the August Breach and downplayed the severity of the August Breach. Without the pertinent information needed to take steps, or realize steps were needed, to protect their information, those consumers were left vulnerable to fraud and identity theft from nefarious actors.
Ferguson’s latest lawsuit seeks compensation for customers impacted by the 2021 breach and a court order that would require T-Mobile to up its cybersecurity practices to industry standards. Additionally, the carrier has to maintain transparency with customers regarding future breaches.
About the author: Omar Sohail is a reporter and analyst for Wccftech's mobile section, specializing in the technology and business of the mobile industry. His expertise lies in the intricate hardware supply chain, covering developments in semiconductor manufacturing, chip lithography, and camera sensor technology.
Follow Wccftech on Google to get more of our news coverage in your feeds.
