T-Mobile has been hit by a pair of class actions in federal court in Washington as the number of current and former customers affected by a cyberattack on the telecommunications giant grows.


One of the pursuits, Espanoza v. T-Mobile USA, accuses T-Mobile of exposing plaintiffs and class members to “considerable risk” due to the company’s inability to adequately protect its customers due to negligent conduct.

“Armed with the private information accessible during the data breach, data thieves can commit a variety of crimes including, but not limited to, fraudulently claiming unemployment benefits, opening new financial accounts on behalf of members group, contract loans on behalf of group members. , using information from group members to obtain government benefits (including unemployment benefits or COVID relief), filing fraudulent tax returns using information from group members, obtaining driver’s licenses in the name of the members of the group but with the photograph of another person and by providing false information to the police during an arrest ”, indicates the complaint.

The other legal action, Durwalla v. T-Mobile USA, alleges that victims have already spent up to 1,000 hours dealing with privacy concerns arising from the attack, including reviewing financial and credit statements for evidence of unauthorized activity.

“T-Mobile knew its systems were vulnerable to attack. Yet it has failed to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information of its customers, once again putting millions of customers at risk of harm. scam and identity theft, ”adds the record. “Its customers expected and deserved better from the nation’s second largest wireless service provider.”

Together, the lawsuits seek a series of actions for violations of the Washington Consumer Protection Act and the California Consumer Privacy Act, including compensatory damages and reimbursement of out-of-pocket costs for efforts to repair any damage caused by the fraud.

The plaintiffs and class members are also asking for injunctive relief, such as improvements to T-Mobile’s data security systems, future annual audits, adequate company-funded credit monitoring services and a order prohibiting T-Mobile from keeping personal data on a cloud-based database.


T-Mobile previously reported that the breach compromised approximately 7.8 million current postpaid customer accounts and 40 million former or potential T-Mobile customers, stealing data including first and last name, date of birth, social security numbers and driver’s license / identity information.

T-Mobile said in an update on Friday that 5.3 million additional postpaid customer accounts and 667,000 accounts from former T-Mobile customers have also been identified as targets, along with names, addresses, dates of birth, phone numbers, IMEI and IMSI of customers, the typical identification numbers associated with a mobile phone, accessed illegally.

Teleprinter Security Last Switch Switch %
TMUS T-MOBILE US, INC. 141.81 +0.92 + 0.65%

T-Mobile continues to work “24 hours a day” on its investigation into the cyberattack.

“Our investigation is ongoing and will continue for some time, but at this point we are confident that we have closed the entry and exit points that the wrong actor used in the attack,” the company noted. .

In order to help its customers, the company is offering two years of free identity protection services with McAfee Identity Theft Protection Service to anyone who thinks they may be affected and recommends to all customers. eligible to sign up for free Scam Shield scam protection. In addition, approximately 850,000 active T-Mobile prepaid customer accounts that were exposed had their PINs reset.

T-Mobile pointed out that there is no indication that customers’ financial information, credit, debit card or other payment information has been accessed.

Source link