Posted on July 24, 2022 at 12:49 PM
U.S telecom giant T-mobile has been asked to pay $350 million as a settlement for a class action lawsuit against the company. During last year’s data breach on the firm, the records of over 77 million subscribers and customers were exposed.
According to the settlement agreement reached with the US SEC, T-Mobile will be investing an additional $150 billion to improve its security and other related technology in 2022 and 2023.
The proposed agreement was filed in the federal court in Missouri and is a consolidation of over 40 other lawsuits filed after the breach was disclosed by the Telecom carrier in August 2021.
However, the agreement is still subject to the court’s decision and approval. The court’s decision is expected by December 2022, but it could be shifted to next year due to expected appeals or other proceedings.
T-Mobile Could Go To Appeal
T-Mobile is still standing on its grounds regarding the case. The telecom carrier is denying all the allegations made in the lawsuit, especially those that described the firm’s failure to protect customer data. T-Mobile says the settlement should not be taken as the admission of “liability, wrongdoing or responsibility.”
The firm has also countered all allegations of the Amended Complaint, also denying the accusations that it failed to provide adequate protection for customers’ information in line with its duties.
Other accusations have also been denied by the company. These include violation of state consumer status, the use of personal data of the affected individual, and inadequately or not properly notifying potentially impacted individuals.
Some reports revealed that one of the class members may likely receive cash payments of between $25 and $100 in California. On the other hand, others could get compensation as high as $25,000 to cover losses. The firm will also take them into its identity theft protection program. This is a usual procedure in case of data theft, where the hacker may likely carry out identity theft or phishing campaigns using the stolen data in the future.
T-Mobile To Also Record $400 Million As Pre-Tax
In line with the proposed class action settlement and other settlements, T-Mobile will be required to record a total pre-tax charge of about $400 million in Q2 2022, according to the SEC filing.
The breach of the company’s system as a result of the cyberattack in August last year. Apart from stealing the data of 70 million current and past customers of the firm, the hackers also tried to extort $2 million from Chief Executive Officer Mike Sievert.
After the leak, the internet was flooded with more than 100 million data records believed to have been released by the hackers. The record contained sensitive information such as names, driver’s license numbers, Social Security numbers, security PINs, date of birth, and addresses. These details can be essential for hackers or threat actors that want to carry out identity theft in the future.
At the time, it was alleged that a 21-year-old American John Binns executed the data breach. He took advantage of the vulnerability in a router belonging to T-Mobile. After discovering the router, he located a point of entry into the Wisconsin data center where he started stealing the data. At the time, Binns said T-Mobile’s security practices were “awful”. He claimed his motive for the attack wasn’t to make money but to gain recognition in the hacking world.
T-Mobile Has Suffered Several Attacks
T-Mobile suffered another attack this year, which makes it the second time the company will be exposed within 12 months. In April this year, the firm confirmed that the Lapsus$ ransomware group had access to its internal network and compromised employee accounts. However, it explained that the threat actors were unable to steal any sensitive government or customer data during the breach.
A leaked private message chat between members of the Lapsus$ group showed that T-Mobile’s server has been compromised several times, with lots of data stolen in the process.
And in another incident, the telecom service provider fell victim to a swim swapping attack earlier this year. However, the company played down the attack, saying the attack affected “a very small number” of its 105 million customers. These series of incidences somehow corroborated Binns’s statement that T-Mobile has a poor security system. Shortly after the attack, several individuals and companies filed a lawsuit for the company’s lack of diligence on the security of their servers.