T-Mobile has agreed to pay $500 million to settle a class action lawsuit stemming from the 2021 hack that it says exposed the data of about 76.6 million U.S. residents. According to the proposed settlement filed on Friday, which you can read in full below, T-Mobile will put $350 million into a settlement fund to go to attorneys, fees and, of course, people filing claims. It will also be forced to spend $150 million on “data security and related technologies” in 2022 and 2023, on top of what it had already planned.
In August, the company announced that its systems had been hacked, following reports that the Social Security numbers, names, addresses and driver’s license information of more than 100 million of its customers were found. on sale. While the number turned out to be slightly inflated, T-Mobile’s figure for the number of people affected continued to rise for the rest of the month. The T-Mobile CEO called the security breach – his fifth in four years – “humiliating”.
The proposed settlement agreement still needs to be approved by a judge, but if so, T-Mobile will have 10 days to pay money into the fund to cover the cost of notifying those eligible for the claim. . According to the settlement, this covers “the approximately 76.6 million U.S. residents identified by T-Mobile whose information was compromised in the data breach,” with some caveats for some of the carrier’s employees and people close to the parties. judges who presided over the case. . In the interest of full disclosurethis could very well mean that I am eligible to seek compensation, as I was a T-Mobile customer when the hack happened.
The settlement agreement doesn’t contain estimates of how much each plaintiff can expect to receive, though it’s hard to estimate that sort of thing until it’s clear how many people will make complaints.
The lawsuit T-Mobile hopes to settle here has accused the company of failing to protect the data of its past, present and potential customers, of failing to properly notify those who may have been affected and, overall, of have “inadequate data security”. T-Mobile denies those allegations in the settlement, saying the settlement does not constitute an admission of guilt. In a filing with the Securities and Exchange Commission, the carrier says it “has the right to terminate the agreement under certain conditions” set out in the proposed agreement, but expects to have to pay the claims.
Outside of this lawsuit, there have been other data breach responses from T-Mobile and others like it. The FCC has proposed new rules regarding these attacks, which aim to improve how a company communicates with people about their data.