T-Mobilein a class action lawsuit alleging he enabled the theft of sensitive information of millions of current, past and potential customers by hackers last year.
If approved, the deal will be the second-largest data breach settlement in U.S. history, after Equifax agreed to pay $700 million in 2019.
The mobile operator did not admit any wrongdoing, but in a statement shared with CNETT-Mobile said it was “pleased to have resolved this class action.”
“Customers come first in everything we do and protecting their information is a top priority,” T-Mobile added. “Like any business, we are not immune to these criminal attacks.”
In addition to paying affected customers, T-Mobile will invest $150 million in improving its data security, according to SEC filings.
Here’s what you need to know about T-Mobile’s data breach settlement, including who’s eligible for a payout, how much they might get, and when the money might arrive.
For more, find out if you qualify for Facebook’s $90 class action settlement.
What happened in the T-Mobile data breach case?
On August 15, 2021, T-Mobile reported that a cyberattack resulted in the theft of millions of personal information. According court documentsnames, addresses, dates of birth, social security numbers, driver’s license details and other sensitive information were exposed, including unique codes identifying individual phones.
It is not known exactly how many people have been affected: according to to court records76.6 million people had their data exposed, but T-Mobile said only the names, addresses and PINs of about 850,000 people were “compromise.”
An individual selling the information on the dark web for 6 bitcoins (about $277,000 at the time) said Vice they had data for over 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the cyberattack, thewhich has plagued T-Mobile since 2015.
“I was freaking out because I had access to something big,” Binns said. The Wall Street Journal. “Their security is terrible.”
The July 24 settlement, filed in the U.S. District Court for the Western District of Missouri, merges at least 44 class action lawsuits alleging T-Mobile was lax on cybersecurity and failed to protect personal information.
How do you know if you are entitled to a payment?
T-Mobile has not released full details of its payment plan. Typically, class members — in this case, people who were T-Mobile customers in August 2021 — are notified that they’re eligible by mail. (Full disclosure: This reporter was a T-Mobile customer at the time.)
Read more: How to protect your personal data after a security breach
Customers then have 90 days to submit claim forms or ask to opt out of the settlement and reserve the right to pursue their own separate legal claims, according to court documents.
It may take several months for individuals to find out whether they will receive any settlement money, Tech Crunch reported.
How much money could you receive?
Class members could receive cash payments of $25, Reuters reportedor $100 for California residents.
It could also be a lot less, depending on how many people respond. In addition to paying claims, the $350 million is to be used to pay legal fees and administrative costs. Plaintiffs’ attorneys can charge up to 30% of the settlement, according to court documents.
Separately, certain individuals could receive up to $25,000 to cover losses they suffered as a direct result of the breach.
T-Mobile also offers two free years of McAfee Identity Theft Protection Service to anyone who thinks they have been a victim.
When could you receive your money?
Even if you qualify, you probably won’t see money until at least 2023.
T-Mobile has 30 days to provide the court with a list of class members, along with their phone numbers and mailing and email addresses, “if possible.”
Once eligible parties are notified, claims are submitted, legal fees are deducted, and the remaining money is distributed among class members who returned claim forms. It will probably take months.
Additionally, the $350 million payment is preliminary. It still requires final approval from a judge, which T-Mobile said would come December at the earliest.
What is T-Mobile doing to protect against future security breaches?
T-Mobile has “doubled down” on its fight against hackers, the company said in its July 22 statement, by bolstering employee training, collaborating with industry experts like Mandiant and Accenture on new protocols, and creating a cybersecurity office that reports directly to the head of the company. general manager, Mike Sievert.
Security Reporter Brian Krebs reported in April 2022 that T-Mobile fell victim to the Lapsus$ hacking group.
Hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and the FBI, TechCruch reported. They were thwarted by secondary authentication checks.