Current and past T-Mobile customers may be owed a portion of a $350 million settlement stemming from a 2021 cyberattack that exposed more than 100 million users’ personal information.
In addition to Social Security numbers, hackers accessed customers’ names, addresses, birth dates, driver’s license details and unique phone codes. The deal is still pending final approval, but if it’s approved it’ll be the second-largest data breach settlement in US history, following Equifax’s $700 million settlement in 2019.
T-Mobile hasn’t acknowledged any wrongdoing but, in a statement shared with CNET, said it was “pleased to have resolved this consumer class action filing.”
“Customers are first in everything we do and protecting their information is a top priority,” the carrier said. “Like every company, we are not immune to these criminal attacks.”
Here’s what you need to know about the T-Mobile data breach, including how to find out if you’re eligible for payment, how much you might get and the deadline to file a claim.
For more on class action suits, find out if you qualify for AT&T’s $14 million hidden-fees payout or Robinhood’s $20 million data breach settlement.
What happened in the T-Mobile data breach case?
On Aug. 15, 2021, T-Mobile reported that a cyberattack had led to the theft of millions of people’s personal information.
Exactly how many people were hacked and how they were impacted isn’t clear: T-Mobile has said that only about 850,000 people’s names, addresses and PINs were “compromised,” though according to court filings, approximately 76.6 million people had their data exposed.
And an individual selling the information on the dark web for six bitcoin (approximately $277,000 at the time) told Vice they had data relating to more than 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the breach, the fifth such attack on T-Mobile since 2015. “I was panicking because I had access to something big,” Binns told The Wall Street Journal. “Their security is awful.”
A settlement filed in the US District Court for the Western District of Missouri in July 2022 merges at least 44 separate class-action suits alleging T-Mobile was lax with its cybersecurity. It also stipulates that T-Mobile invest $150 million in improving data security.
How much money could I receive?
Current and former T-Mobile customers are eligible for a $25 cash payment, according to the settlement website. California residents are entitled to $100.
You can be reimbursed up to $25,000 if you had to spend time or money to recover from fraud or identity theft relating to the breach, though you must submit extensive documentation supporting your claim.
T-Mobile is also offering two free years of McAfee’s ID Theft Protection Service to anyone who believes they may have been a victim of the hack.
When’s the deadline to file a claim?
T-Mobile has identified 76 million US residents whose information was compromised in the data breach. Class members were notified of the proposed settlement by mail, but you can confirm your status by emailing the Settlement Administrator or calling 833-512-2314.
The deadline to file a claim through the class-action website is Jan. 23, 2023. You can also mail a completed print claim form to:
T-Mobile Data Breach Settlement
c/o Kroll Settlement Administration LLC
P.O. Box 225391 New York, NY 10150-5391
The deadline to object to the settlement or be excluded from it is Dec. 8, 2022.
When will T-Mobile send out checks?
A final approval hearing for the settlement has been scheduled for Jan. 20, 2023. Payments are typically sent out within 90 days of settlements being approved, though appeals could slow down the process.
What’s T-Mobile doing to protect against more data breaches?
T-Mobile has “doubled-down” on fighting hackers, the company said in its July 22 statement, by boosting employee training, collaborating with industry experts like Mandiant and Accenture on new protocols and creating a cybersecurity office that reports directly to the company’s chief executive officer, Mike Sievert.
Since the 2021 attack, T-Mobile fell prey to the hacker ring Lapsus$ in March 2022, security journalist Brian Krebs reported.
Hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and FBI, TechCrunch reported, but they were thwarted by secondary authentication checks.
Read more: How to Protect Your Personal Data After a Security Breach
Read More: www.cnet.com