T-Mobile is being sued once again by the state of Washington over the 2021 data breach that exposed sensitive information of more than 79 million people. The edge information. He lawsuit The lawsuit filed Monday alleges that T-Mobile had been aware of several security holes in its systems for years but took no action. As a result, a hacker managed to breach T-Mobile in March 2021 and went undetected until August of the same year, when an “anonymous cybersecurity threat intelligence company” told T-Mobile what was happening.
Beyond alleging that T-Mobile knew about these flaws and took inadequate steps to address them, Washington State Attorney General Bob Ferguson also claims that T-Mobile's notifications to customers affected by the breach were inadequate and misleading. The text messages were brief and did not reveal the full extent of the breach, only telling customers that debit and credit card information was not exposed and failing to mention that their Social Security numbers and other personally identifiable information They were engaged.
Among the victims of the breach were two million Washington residents. Information from T-Mobile's databases was later sold on the dark web to the highest bidder. T-Mobile even allegedly hired a third party to buy exclusive access to the data.
In more ways than one, this isn't T-Mobile's first rodeo. The company was already defendant by AG Ferguson more than a decade ago for “misleading” advertisements. It has also been the subject of a breach since 2021, specifically the 2024 “Salt Typhoon” attacks against commercial telecommunications companies. T-Mobile claims its systems and data were not significantly affected.
