Washington State Filed Lawsuit Against T-Mobile Massive Data Breach

Washington State Attorney General Bob Ferguson filed a consumer protection lawsuit against T-Mobile for its alleged failure to secure sensitive personal information of over 2 million residents.

This lawsuit comes in the wake of a massive data breach that exposed the personal details of Washingtonians, putting them at heightened risk of fraud and identity theft.

The complaint, submitted to King County Superior Court, accuses T-Mobile of neglecting known cybersecurity vulnerabilities for years. Ferguson claims that despite being aware of these risks, T-Mobile misled consumers about its commitment to protecting their data.

Furthermore, the lawsuit alleges that the company did not adequately inform customers about the breach’s severity and failed to provide complete disclosure regarding the compromised information.

T-Mobile Massive Data Breach

“This significant data breach was entirely avoidable,” Ferguson stated emphatically. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”

The breach, which was discovered in August 2021, revealed that hackers accessed T-Mobile’s internal network, compromising the personal data of over 79 million customers across the nation.

Among them, 2,025,634 residents from Washington were affected, with approximately 183,406 individuals having their Social Security numbers exposed. Other compromised data included names, phone numbers, physical addresses, and driver’s license information.

According to the lawsuit, the data breach spanned from March 2021 until August 12, 2021. It states that T-Mobile was unaware of the breach due to inadequate security monitoring until an external source alerted the company about its data being sold on the dark web.

Attorney General Ferguson criticized T-Mobile’s breach notification process, describing it as inadequate. Customers who were notified received vague texts that lacked crucial information and, in some instances, misrepresented the severity of the breach.

Strikingly, those whose Social Security numbers were compromised did not receive notifications regarding this critical exposure, while customers unaffected by such breaches were informed about their status.

The lawsuit also highlights T-Mobile’s ongoing cybersecurity failures leading up to the breach. Despite acknowledging its vulnerability to cyberattacks, T-Mobile reportedly continued to use weak passwords to protect sensitive information.

Prior to the 2021 incident, the company had faced several cyberattacks and had been warned that it remained a prime target for hackers.

Ferguson’s lawsuit alleges that T-Mobile’s actions violate Washington’s Consumer Protection Act, seeking civil penalties and restitution for affected residents.

It also calls for measures to enhance T-Mobile’s cybersecurity policies and improve transparency in communications regarding data protection.

Assistant Attorneys General Mina Shahin, Kathleen Box, Bret Finkelstein, Gardner Reed, Paralegal Matt Hehemann, Legal Assistant Luis Oida, and Investigator Steuart Markley are spearheading this case for Washington State.

As the legal proceedings unfold, the spotlight remains on the urgent need for robust cybersecurity practices in the telecommunications industry.

ANY.RUN Threat Intelligence Lookup - Extract Millions of IOC's for Interactive Malware Analysis: Try for Free