After the disclosure of millions of T-Mobile customers' personal information in a massive 2021 cyberattack, the telecom giant consented to a $350 million settlement to resolve a class action lawsuit this summer.
T-Mobile customers, both current and former, can now file a claim for their share of the payout.
The settlement, filed in July in the United States District Court for the Western District of Missouri, combines at least 44 separate class-action lawsuits. T-Mobile will invest $150 million in improving data security, in addition to cash payments.
The final approval is still pending, but if granted, this will be the second-largest data breach payout in US history, trailing only Equifax's $700 million settlement in 2019.
About the data breach:
T-Mobile reported on August 15, 2021, that a cyberattack had resulted in the theft of millions of people's personal information.
It's unclear how many people were hacked or how they were affected: T-Mobile claims that only about 850,000 people's names, addresses, and PINs were "compromised," but court filings show that 76.6 million people's data was exposed. And a person selling the information on the dark web for six bitcoin (approximately $277,000 at the time) told Vice they had data on more than 100 million people collected from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually admitted responsibility for the breach, the fifth such attack on T-Mobile since 2015. "I was panicking because I had access to something big," Binns told The Wall Street Journal. "Their security is awful."
T-Mobile settlement:
T-Mobile has identified 76 million US residents whose data was compromised as a result of the data breach.
The proposed settlement was mailed to class members, but you can check your status by emailing the Settlement Administrator or calling 833-512-2314. According to the settlement website, current and former T-Mobile customers are eligible for a $25 cash payment. Residents of California are entitled to $100.
If one had to spend time or money recovering from fraud or identity theft as a result of the breach, they can be reimbursed up to $25,000, but must submit extensive documentation to support the claim. T-Mobile is also providing two years of McAfee's ID Theft Protection Service for free to anyone who believes they were a victim of the hack.
The deadline to file a claim through the class-action website is Jan. 23, 2023. You can also mail a completed print claim form to:
T-Mobile Data Breach Settlement
c/o Kroll Settlement Administration LLC
P.O. Box 225391 New York, NY 10150-5391
The deadline to object to the settlement or be excluded from it is Dec. 8, 2022. The settlement's final approval hearing has been set for January 20, 2023. Payments are typically made within 90 days of settlement approval, though appeals may delay the process.
T-Mobile has "doubled down" on fighting hackers, according to a July 22 statement, by increasing employee training, collaborating on new protocols with industry experts like Mandiant and Accenture, and establishing a cybersecurity office that reports directly to the company's CEO, Mike Sievert.
T-Mobile was targeted by the hacker ring Lapsus$ in March 2022, according to security journalist Brian Krebs. Hackers gained access to employee accounts and attempted to locate T-Mobile accounts associated with the Department of Defense and FBI, according to TechCrunch, but were foiled by secondary authentication.