Posted on 07/26/2022 12:04:33 PM PDT by Red Badger
Close to 77 million customers were impacted by a massive hack last year.
T-Mobile has agreed to a $350 million settlement in a class action suit that alleged it allowed sensitive information from millions of current, past and prospective customers to be stolen by hackers last year.
If approved, the deal will be the second-largest data-breach settlement in US history, after Equifax's agreement to pay $700 million in 2019.
The mobile carrier has not acknowledged any wrongdoing but in a statement shared with CNET, T-Mobile said it was "pleased to have resolved this consumer class action filing."
"Customers are first in everything we do and protecting their information is a top priority," T-Mobile added. "Like every company, we are not immune to these criminal attacks."
In addition to paying affected customers, T-Mobile will invest $150 million in improving its data security, according to SEC filings.
Here's what you need to know about the T-Mobile data-breach settlement, including who's eligible for a payout, how much they could get and when the money might arrive.
For more, find out if you qualify for Facebook's $90 class action settlement.
What happened in the T-Mobile data-breach case?
On August 15, 2021, T-Mobile reported a cyberattack had led to the theft of millions of people's personal information. According to court documents, names, addresses, dates of birth, Social Security numbers, driver's license details and other sensitive information were exposed, including unique codes that identified individual phones.
Exactly how many people were affected is unclear: According to court filings, 76.6 million people had their data exposed, but T-Mobile has claimed only about 850,000 people's names, addresses and PINs were "compromised."
An individual selling the information on the dark web for 6 bitcoin (approximately $277,000 at the time) told Vice they had data relating to over 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the cyberattack, the fifth such attack that has hit T-Mobile since 2015.
"I was panicking because I had access to something big," Binns told The Wall Street Journal. "Their security is awful."
The July 24 settlement, filed in the US District Court for the Western District of Missouri, merges at least 44 class action suits that claimed T-Mobile was lax with its cybersecurity and failed to protect personal information.
How do you find out if you qualify for a payment?
T-Mobile has not released the full details of its payment plan. Typically class members -- in this case, people who were T-Mobile customers in August 2021 -- are notified they are eligible by mail. (Full disclosure: This reporter was a T-Mobile customer at that time.)
Read more: How to Protect Your Personal Data After a Security Breach
Customers are then given 90 days to submit claim forms or request to opt out of the settlement and reserve the right to pursue their own separate legal claims, according to court papers.
It could be several months before individuals find out if they will receive money from the settlement, TechCrunch reported.
After being notified, affected customers will be given 90 days to submit claim forms or request to opt out of the settlement.
How much money could you receive? Class members could receive cash payments of $25, Reuters reported, or $100 for California residents.
It could also be substantially less, depending on how many people respond. In addition to paying out claims, the $350 million has to go toward settling legal fees and administrative costs. The plaintiffs' lawyers may charge up to 30% of the settlement, according to court filings.
Separately, some people could receive as much as $25,000 to cover losses they suffered as a direct result of the breach.
T-Mobile is also offering two free years of McAfee's ID Theft Protection Service to anyone who believes they may have been a victim.
When might you receive your money?
Even if you qualify, you likely won't see any money until at least 2023.
T-Mobile has 30 days to provide the court with a list of class members, along with their phone number and mailing and email addresses, "to the extent available."
Once eligible parties are notified, claims are submitted, legal fees are deducted and the remaining money is divvied up among class members who sent back claim forms. That likely will take months.
In addition, the $350 million payout is preliminary. It still requires final approval from a judge, which T-Mobile says would come by December at the earliest.
What is T-Mobile doing to protect against future security breaches?
T-Mobile has "doubled-down" on fighting hackers, the company said in its July 22 statement, by boosting employee training, collaborating with industry experts like Mandiant and Accenture on new protocols and creating a cybersecurity office that reports directly to the company's chief executive officer, Mike Sievert.
Security journalist Brian Krebs reported in April 2022 that T-Mobile was a victim of the hacking group Lapsus$.
The hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and FBI, TechCruch reported. They were thwarted by secondary authentication checks.
I have had credit card info stolen three times, the bank caught every one of them lifelok was silent.
Loser pays would solve it, but the DC Uniparty gets too much money from trial lawyers for that to ever happen.
Nothing except self-respect.
25 bucks, woop-de-do.🙄
I got 85 cents from a huge class action lawsuit. It wasn’t even worth the gas to drive to the bank and cash it. After “The Big Guy” gets his cut and the lawyers get their hundreds of millions any victim will be left with the same sub one dollar settlement.
Identity theft works by flashing your phone then taking all of your personal information, draining your bank accounts, opening lines of credit in your name and running them, purchasing homes in your name, applying for government aid in your name and the list goes on.
They can also change the password on your email accounts ... Locking you out of your own accounts. It happened to me. It is a nightmare to recover from and takes hundreds of hours if you have a lot of online accounts for various things.
T-Mobile could start by not having you scream out your social security number, phone number and password everytime you enter their store.
I’m with Tello a T-Mobile MVNO. Best I can figure the data breach didn’t effect me?
I don’t keep financial information on my phone. I use a dedicated laptop for logging into brokers & bank. That is the only place for my money. That laptop never accesses any other web sites. I have used this method for 20+ years and no problems. I use a separate laptop for browsing and that one was attacked by ransomware and viruses. I just laugh, format the hard disk, install fresh copy of operating system and laptop runs like new again.
And I do not use T-mobil.
One more thing. I use a separate email account for correspondence from brokers and bank. It is not used from phone or the browsing laptop. Unless they hack into my financial laptop, no one knows username or password of that email.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.