- T-Mobile is being sued by the state of Washington over a 2021 security breach incident.
- While T-Mobile already settled a class action lawsuit for $350 million around the breach, the new consumer protection suit accuses T-Mobile of failing to address cybersecurity vulnerabilities.
- Washington’s Attorney General further asserts T-Mobile not only knew about its poor security practices prior to the hack, it also mishandled how it alerted customers impacted by it.
T-Mobile has experienced several major data breach incidents in recent years, resulting in numerous lawsuits. One of the most significant breaches began in March 2021 and ultimately exposed the personal data of over 79 million people nationwide. T-Mobile already settled a class-action lawsuit over the incident for $350 million in 2022. However, the state of Washington has now filed a consumer protection lawsuit, alleging that T-Mobile failed to address the cybersecurity vulnerabilities that led to the hacks in the first place.
The new lawsuit, filed by Washington State Attorney General Bob Ferguson, alleges that T-Mobile was aware of its vulnerabilities for years and engaged in poor practices, including using obvious passwords to protect accounts that could access consumer information. Furthermore, the lawsuit claims T-Mobile failed to properly notify the more than two million Washington residents impacted by the breach.