One of the lawyers representing consumers in the T-Mobile suit said they’re pleased with the settlement, which still needs approval from the US District Court for the Western District of Missouri. “By having statutory damages, that really changes the landscape for these kinds of settlements.” “The issue has always been proving damages,” said Robert Braun, a partner at Jeffer Mangels Butler & Mitchell LLP. As an alternative, consumers can seek fixed payments of $25 per person, or $100 for individuals in California, where a first-in-the-nation state privacy law lays out pre-set damages for data breaches. The proposed class action settlement estimates damages to consumers based on how much time they spent responding to the incident. The cyberattack against T-Mobile systems exposed customer details such as names, Social Security numbers, and phone numbers. That compares to Capital One’s $190 million data breach deal over an incident that impacted about 100 million people in the US. The agreement includes $350 million to pay claims from consumers, with another $150 million boost to security spending at T-Mobile, putting the pact among the biggest data breach settlements lately.Įquifax previously agreed to pay about $380 million to resolve allegations stemming from a 2017 data breach that affected approximately 147 million people. “A business decision was made to put this behind them as quickly as possible,” Balser said. T-Mobile hadn’t yet made legal arguments in favor of dropping the data breach suits, which were combined into one case. The deal comes less than a year after T-Mobile disclosed last August that a cyberattack compromised more than 76 million customer records. “As we continue to invest time, energy, and resources in addressing this challenge, we are pleased to have resolved this consumer class action filing,” T-Mobile said in a July 22 statement. The proposed T-Mobile settlement’s relatively large sum and quick resolution also set it apart from similar pacts with consumers. Their combined complaint alleged that T-Mobile tried to purchase the stolen customer data in exchange for its deletion from the forum. Some of the consumers in the T-Mobile case said they were notified by third-party monitoring companies that their personal information was found on the dark web. in data breach lawsuits brought against them.īeing able to follow exfiltrated data makes it easier to “connect the dots on causation,” Balser said, likely spurring T-Mobile to settle sooner. “So many people’s data has been pilfered in various breaches that it’s difficult, if not impossible, to trace the attempted misuse of data to a particular breach,” said David Balser, a partner at King & Spalding LLP who has defended companies including Capital One Financial Corp.
Consumers claimed in a series of class actions brought against T-Mobile that stolen personal information was put up for sale on a dark web forum, allegedly allowing for instances of actual and attempted identity theft and fraud. It was “aware of claims” and “actively investigating” them, the spokesperson said.T-Mobile US Inc.‘s $500 million deal to settle consumer claims brought over a 2021 hack would resolve a case that’s unusually focused on the flow of breached data.ĭata breach lawsuit plaintiffs often struggle to establish cause and effect between a cyberattack and consumer harm.
While it’s common for self-proclaimed hackers to exaggerate or fabricate claims, a T-Mobile spokesperson made it clear Sunday evening that the company was taking them seriously. The claims were first reported by Motherboard.
“We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed,” the statement said.Įarly Sunday, before allegations of a new T-Mobile breach were public, a self-proclaimed hacker said on social media and in a hacker forum that he had sensitive stolen information from 100 million customers, including driver’s license and Social Security numbers, and that the information for more than 30 million customers had never before been published. “We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” the company said in a statement emailed Monday afternoon.