After a massive data breach exposed the personal information of millions of current and former T-Mobile customers, the carrier agreed to a $350 million class action settlement to resolve claims its negligence lead to the cyberattack.
Plaintiffs in the case, In re T-Mobile Customer Data Security Breach Litigation (PDF), claim T-Mobile’s privacy center assured consumers “you can trust us to do the right thing with your data.”
“But, as T-Mobile admitted, it completely failed to meet these obligations and protect sensitive consumer data,” their complaint read. “Instead, T-Mobile suffered one of the largest and most consequential data breaches in U.S. history, compromising the sensitive personal information of over 75 million consumers.”
If the $350 million deal receives final approval, it will be the second-largest data breach payout in US history, following Equifax’s $700 million settlement in 2019.
T-Mobile hasn’t acknowledged any wrongdoing but, in a statement shared with CNET, said that, “like every company, we are not immune to these criminal attacks.”
It agreed to a settlement in July and the deadline to file a claim for money is just a few weeks away.
Here’s what you need to know about the T-Mobile data breach, including how to find out if you’re eligible for payment, how much you might get and the deadline to file a claim.
For more on class action suits, find out if you qualify for Smashburger’s $5 million false-advertising payout or Keurig’s $10 million settlement over K-Cups’ recyclability.
What happened in the T-Mobile data breach case?
On Aug. 15, 2021, T-Mobile reported that a cyberattack had led to the theft of millions of people’s personal information.
Exactly how many people were hacked and how they were impacted isn’t clear: T-Mobile has said that only about 850,000 people’s names, addresses and PINs were “compromised.”
According to court filings, however, approximately 76.6 million people had their data exposed. And an individual selling the information on the dark web for six bitcoin (approximately $277,000 at the time) told Vice they had data relating to more than 100 million people, all compiled from T-Mobile servers.
John Binns, 21, eventually took responsibility for the breach — the fifth such attack on T-Mobile since 2015.
“I was panicking because I had access to something big,” Binns told The Wall Street Journal. “Their security is awful.”
Who is eligible for money in the settlement?
T-Mobile has identified 76 million past and present customers in the US whose information was potentially compromised in the data breach, though the final number may be even higher.
Most class members were notified of the proposed settlement by mail, but you can confirm your status by emailing the settlement administrator or calling 833-512-2314.
The deadline to be excluded from the settlement and retain your rights to file a separate lawsuit was Dec. 8, 2022.
How much money could I receive from the T-Mobile settlement?
Current and former T-Mobile customers are eligible for a $25 cash payment, according to the settlement website. California residents are entitled to $100.
You can be reimbursed up to $25,000 if you had to spend time or money to recover from fraud or identity theft relating to the breach, though you must submit extensive documentation supporting your claim.
T-Mobile is also offering two free years of McAfee’s ID Theft Protection Service to anyone who believes they may have been a victim of the hack.
A final approval hearing for the settlement has been scheduled for Jan. 20, 2023. Payments are typically sent out within 90 days of settlements being approved, though appeals could slow down the process.
“This may take several months or more,” according to the settlement website. “Please be patient.”
In addition to cash payments to affected customers, T-Mobile has agreed to invest $150 million in improving data security.
How do I file a claim?
You can submit a claim via the settlement website or also mail a completed claim form to:
T-Mobile Data Breach Settlement
c/o Kroll Settlement Administration LLC
P.O. Box 225391
New York, NY 10150-5391
Claims must be submitted by 11:59 p.m. PT on Jan. 23, 2023, or be postmarked by that date
What’s T-Mobile doing to protect against future data breaches?
T-Mobile has “doubled down” on fighting hackers, the company said in its July 22 statement. It is boosting employee training, collaborating on new protocols with industry experts like Mandiant and Accenture and creating a cybersecurity office that reports directly to CEO Mike Sievert.
T-Mobile also fell prey to the hacker ring Lapsus$ in March 2022. Hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and FBI, TechCrunch reported.
They were thwarted by secondary authentication checks.
Read more: How to Protect Your Personal Data After a Security Breach
Read More: news.google.com