Cyber Security News

Washington State Filed Lawsuit Against T-Mobile Massive Data Breach

Washington State Attorney General Bob Ferguson filed a consumer protection lawsuit against T-Mobile for its alleged failure to secure sensitive personal information of over 2 million residents.

This lawsuit comes in the wake of a massive data breach that exposed the personal details of Washingtonians, putting them at heightened risk of fraud and identity theft.

The complaint, submitted to King County Superior Court, accuses T-Mobile of neglecting known cybersecurity vulnerabilities for years. Ferguson claims that despite being aware of these risks, T-Mobile misled consumers about its commitment to protecting their data.

Furthermore, the lawsuit alleges that the company did not adequately inform customers about the breach’s severity and failed to provide complete disclosure regarding the compromised information.

T-Mobile Massive Data Breach

“This significant data breach was entirely avoidable,” Ferguson stated emphatically. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”

The breach, which was discovered in August 2021, revealed that hackers accessed T-Mobile’s internal network, compromising the personal data of over 79 million customers across the nation.

T-Mobile had already been the target of numerous cyberattacksT-Mobile had already been the target of numerous cyberattacks
T-Mobile had already been the target of numerous cyberattacks

Among them, 2,025,634 residents from Washington were affected, with approximately 183,406 individuals having their Social Security numbers exposed. Other compromised data included names, phone numbers, physical addresses, and driver’s license information.

According to the lawsuit, the data breach spanned from March 2021 until August 12, 2021. It states that T-Mobile was unaware of the breach due to inadequate security monitoring until an external source alerted the company about its data being sold on the dark web.

Attorney General Ferguson criticized T-Mobile’s breach notification process, describing it as inadequate. Customers who were notified received vague texts that lacked crucial information and, in some instances, misrepresented the severity of the breach.

Strikingly, those whose Social Security numbers were compromised did not receive notifications regarding this critical exposure, while customers unaffected by such breaches were informed about their status.

The lawsuit also highlights T-Mobile’s ongoing cybersecurity failures leading up to the breach. Despite acknowledging its vulnerability to cyberattacks, T-Mobile reportedly continued to use weak passwords to protect sensitive information.

Prior to the 2021 incident, the company had faced several cyberattacks and had been warned that it remained a prime target for hackers.

Ferguson’s lawsuit alleges that T-Mobile’s actions violate Washington’s Consumer Protection Act, seeking civil penalties and restitution for affected residents.

It also calls for measures to enhance T-Mobile’s cybersecurity policies and improve transparency in communications regarding data protection.

Assistant Attorneys General Mina Shahin, Kathleen Box, Bret Finkelstein, Gardner Reed, Paralegal Matt Hehemann, Legal Assistant Luis Oida, and Investigator Steuart Markley are spearheading this case for Washington State.

As the legal proceedings unfold, the spotlight remains on the urgent need for robust cybersecurity practices in the telecommunications industry.

ANY.RUN Threat Intelligence Lookup - Extract Millions of IOC's for Interactive Malware Analysis: Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Apple Releases Security Patches to Fix Critical Data Exposure Flaws

Apple released critical security updates for macOS Sequoia 15.5 on May 12, 2025, addressing over…

11 minutes ago

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has…

11 hours ago

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a…

11 hours ago

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,”…

11 hours ago

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing…

11 hours ago

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…

15 hours ago