T-Mobile has settled its $500 million lawsuit from the infamous 2021 data breach that it now says exposed 76.6 million US citizens’ data. The company is putting $350 million into a settlement fund for the victims. The other $150 million will be spent on strengthening their defences and making systems more secure over 2022 and 2023, in addition to the budget already assigned for the task.
The proposed settlement is yet to be approved by a judge, but if it is, the company will have 10 days to get the money ready to cover the cost of notifying people eligible for the claim. The agreement doesn’t exactly state how much each claimant would receive, but that can be difficult to estimate until it’s clear how many people end up claiming.
The lawsuit against the company accused it of failing to protect its past, present and potential customers’ data, in addition to not properly informing victims of the breach and having overall inadequate security measures. T-Mobile denies these claims in the settlement but says it expects to have to pay the claims.
The breach occurred in August last year when a threat actor claimed to have accessed T-Mobile’s databases containing over 100 million customer records, including Social Security numbers, names, addresses, and driver’s license information.
The breach was first noted when the attacker tried selling the entire database on a hacking forum for six Bitcoin. The threat actor also claims to have hacked into T-Mobile’s production, staging and development servers two weeks ago. This also includes an Oracle database server which has stores customer data.
T-Mobile ended up offering the hackers around $200,000 via a third party hired by the company to stop them from selling customer data. However, the attackers took the money and continued selling the data regardless.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.