Update from January 7, 2025:
T Mobile says it has been in discussions with the Washington AG for years regarding the 2021 incident and is surprised by its decision to file a lawsuit. The company has rejected the claims in the filing but is open to continued negotiations.
We have had numerous conversations with the Washington AG’s office over the past several years about this 2021 incident and even reached out in late November to continue the discussion, so the office’s decision to file a lawsuit today does not come as a surprise. Came in the form. Although we disagree with their approach and the claims in the filing, we remain open to further dialogue and welcome the opportunity to resolve this issue, as we have already done with the FCC. We’re also eager to share how T-Mobile has fundamentally changed our approach to cybersecurity over the past four years to protect our customers.
T Mobile Spokesperson, January 2025
The original story for January 7, 2025 is as follows:
T Mobilehas been sued againThis time by Washington-based Attorney General Bob Ferguson. Ferguson has filed a consumer protection lawsuit against the carrier for not protecting more than 2 million Washington residents from the 2021 data breach.T Mobile It has been violated several times in recent years. The lawsuit relates to a breach that began in March 2021 and continued until August 2021, when it was discovered by an external source, who notified the company. During the attack, a hacker was able to access the carrier’s internal network and steal and sell information belonging to more than 79 million consumers on the dark web. Compromised data included names, social security numbers, phone numbers, addresses and driver’s license information Lawsuit revolves around preventable nature the attack he is accused of T MobileFailure to address certain cybersecurity vulnerabilities that it had known about for years. The company also did not meet industry standards for cybersecurity and used easily guessed passwords for some accounts containing sensitive customer information. The lawsuit says the hacker anticipated their entry. T Mobile’s internal databases, making the 2021 breach possible.
The lawsuit shows that the network configuration was inadequate and did not impose any limits on authentication attempts.
T MobileThe U.S.’s monitoring and alerting system was not able to detect the presence of a threat actor and the breach would have continued for a longer period of time had it not been alerted by an external source.
T Mobile He had been attacked several times before in 2021, and he knew he would continue to be a target of cyber attacks and security incidents. More specifically, its systems were only accessed by unauthorized personnel five times between 2017 and mid-2022.
it didn’t matter T Mobile Giving your customers the impression that their data is safe with it.
The lawsuit also accuses the company of downplaying the seriousness of the breach and not properly disclosing it to Washington residents. This affected their ability to properly assess the risk of identity theft or fraud and mitigate any potential impacts, such as implementing a security freeze.
Ferguson is seeking injunctive relief and damages as well as reimbursement of costs, including attorney’s fees.
John Binns, the man believed to be responsible for the 2021 attack, was arrested in may,
T Mobile It had previously agreed to pay $350 million to settle another class action lawsuit filed by customers over a data breach. this also Settled with the Federal Communications Commission (FCC) for $31.5 million On violations occurring in 2021, 2022 and 2023.
