T-Mobile’s $350 million data breach settlement: Check if you’re eligible for a check
Were you a T-Mobile customer in August 2021? If so, you may be owed money as part of a sizable legal settlement. The mobile phone operator has agreed to pay $350 million tolinked to a massive data breach that exposed millions of users’ personal information.
The settlement also stipulates that T-Mobile invest $150 million in improving data security.
If finally approved, the deal will be the second-largest data breach settlement in U.S. history, after Equifax.. T-Mobile has not admitted any wrongdoing, but in a July 22 statement shared with CNET, the wireless carrier said it was “pleased to have this class action lawsuit resolved.”
“Customers come first in everything we do and protecting their information is a top priority,” T-Mobile added. “Like any business, we are not immune to these criminal attacks.”
Here’s what you need to know about the T-Mobile settlement, including who’s eligible for a payout, how much they might get, and when the money might arrive.
Learn more about class actionsfind out if you’re eligible for a payout from Facebook’s $90 million settlement or $45 million settlement.
What happened in the T-Mobile data breach case?
On August 15, 2021, T-Mobile reported that a cyberattack resulted in the theft of millions of personal details, including names, addresses, dates of birth, social security numbers, driver’s license details and other sensitive information. , including unique codes which individual phones identified.
It’s unclear exactly how many people were hacked and how they were affected: According to court filings, an estimated 76.6 million people had their data exposed, but T-Mobile claimed that only names, addresses and PIN codes of around 850,000 people had been “compromised”.
An individual selling the information on the dark web for 6 bitcoins (about $277,000 at the time) told Vice that they had data on over 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the cyberattack, thewhich has plagued T-Mobile since 2015. “I was freaking out because I had access to something big,” Binns told The Wall Street Journal. “Their security is terrible.”
The July 24 settlement, filed in the U.S. District Court for the Western District of Missouri, merges at least 44 class action lawsuits alleging T-Mobile was lax on cybersecurity and failed to protect personal information.
Cyberattacks aside, T-Mobile still expects to add 6 million to 6.3 million new customers this year, making it the industry leader in subscriber growth over rivals AT&T and Verizon. .
How much money could I receive from the settlement?
Class members — in this case, people who were T-Mobile customers in August 2021 — could receive cash payments of $25, Reuters reported, or $100 for California residents.
It could also be a lot less, depending on how many people respond. In addition to paying claims, the $350 million is to be used to pay legal fees and administrative costs. Plaintiffs’ attorneys can charge up to 30% of the settlement, according to court documents.
Separately, certain individuals could receive up to $25,000 to cover losses incurred as a direct result of the breach.
T-Mobile is also offering two free years of McAfee’s identity theft protection service to anyone who thinks they’ve been a victim.
How do I know if I qualify for a payment from T-Mobile?
T-Mobile has not released full details of its payment plan. Typically, group members are notified that they are eligible by mail. (Full disclosure: This reporter was a T-Mobile customer at the time.)
Read more: How to protect your personal data after a security breach
Customers then have 90 days to submit claim forms or ask to opt out of the settlement and reserve the right to pursue their own separate legal claims, according to court documents.
It could take several months before individuals know if they will receive any settlement money, TechCrunch reported.
When will payments be made?
Qualifying band members likely won’t see any money until at least 2023.
T-Mobile has 30 days to provide the court with a list of class members, along with their phone numbers and mailing and email addresses, “to the extent possible.”
Once eligible parties are notified, claims can be submitted. Legal fees are deducted and the remaining money is divided among the class members who referred the claims. It could take months.
Moreover, the $350 million payout has only received preliminary approval. It still requires final approval from a judge, which T-Mobile said would come in December at the earliest.
What is T-Mobile doing to protect against future security breaches?
T-Mobile has “doubled down” on its fight against hackers, the company said in its July 22 statement, by bolstering employee training, collaborating with industry experts like Mandiant and Accenture on new protocols, and creating a cybersecurity office that reports directly to the head of the company. general manager, Mike Sievert.
Security reporter Brian Krebs reported in April 2022 that T-Mobile fell victim to the Lapsus$ hacking group.
The hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and the FBI, TechCrunch reported. They were thwarted by secondary authentication checks.