Washington state has filed a lawsuit against T-Mobile following a 2021 data breach that exposed the personal information of over 2 million residents. The breach, which began in March 2021, went unnoticed for six months until customer data appeared on the dark web. Attackers used a brute force attack to infiltrate T-Mobile’s corporate network, compromising sensitive information, including Social Security numbers. The company admitted the breach in August 2021, but the response to the incident has become a point of contention.
The lawsuit, filed by Washington Attorney General Bob Ferguson, accuses T-Mobile of downplaying the severity of the breach and failing to notify affected individuals promptly. The company allegedly sent inadequate notifications to current customers, omitting critical information and, in some cases, providing misleading details about the nature of the breach. Customers whose Social Security numbers were exposed reportedly did not receive any notification about the exposure.
Ferguson argues that T-Mobile had a history of cybersecurity issues, citing prior cyberattacks that had made the company a target for hackers. Despite these previous breaches, the telecom giant is accused of not implementing sufficient security measures to prevent the 2021 attack. The lawsuit also claims that T-Mobile misrepresented its cybersecurity capabilities, giving customers a false sense of security about the safety of their personal data.
The legal action seeks a court order to mandate that T-Mobile improve its cybersecurity practices to meet industry standards. The state also demands civil penalties for violating the Consumer Protection Act and compensation for the damages suffered by affected customers. T-Mobile has responded to the lawsuit, expressing surprise at the filing and defending its current cybersecurity measures, while also indicating openness to further dialogue on the matter.
