Were you a T-Mobile customer in 2021? If so, you could be owed a slice of a multimillion-dollar settlement the mobile operator offered after a massive data breach exposed sensitive information belonging to dozens of people. million users.
T-Mobilein response to a class action lawsuit stemming from the August 2021 hack, as well as investing $150 million in improving data security. If finally approved, the deal will be the second-largest data breach settlement in U.S. history, following Equifax’s $700 million payout in 2019.
T-Mobile did not admit any wrongdoing but, in a July 22 statement shared with CNETsaid he was “happy to have resolved this class action for consumers”.
“Customers come first in everything we do and protecting their information is a top priority,” he added. “Like any business, we are not immune to these criminal attacks.”
Cyberattacks aside, T-Mobile still expects to add 6 million to 6.3 million new customers this year – making it the industry leader in subscriber growth over rivals AT&T and Verizon.
Here’s what you need to know about the T-Mobile settlement, including who’s eligible for a payout, how much they might get, and when the money might arrive.
Learn more about class actionsfind out if you’re eligible for a payout from Facebook’s $90 million settlement or $45 million settlement.
What happened in the T-Mobile data breach case?
On August 15, 2021, T-Mobile reported that a cyberattack resulted in the theft of millions of personal details, including names, addresses, dates of birth, social security numbers, driver’s license details and other sensitive information. , including unique codes which individual phones identified.
It is unclear exactly how many people were hacked and how they were affected: according to to court recordsaround 76.6 million people had their data exposed, but T-Mobile claimed only the names, addresses and PINs of around 850,000 people were “compromise.”
An individual selling the information on the dark web for 6 bitcoins (about $277,000 at the time) said Vice they had data for over 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the cyberattack, thewhich has plagued T-Mobile since 2015.
“I was freaking out because I had access to something big,” Binns said. The Wall Street Journal. “Their security is terrible.”
The July 24 settlement, filed in the U.S. District Court for the Western District of Missouri, merges at least 44 class action lawsuits alleging T-Mobile was lax on cybersecurity and failed to protect personal information.
How much money could I receive from the settlement?
Class members — in this case, people who were T-Mobile customers in August 2021 — could receive cash payments of $25, Reuters reportedor $100 for California residents.
It could also be a lot less, depending on how many people respond. In addition to paying claims, the $350 million is to be used to pay legal fees and administrative costs. Plaintiffs’ attorneys can charge up to 30% of the settlement, according to court documents.
Separately, certain individuals could receive up to $25,000 to cover losses they suffered as a direct result of the breach.
T-Mobile also offers two free years of McAfee Identity Theft Protection Service to anyone who thinks they have been a victim.
How do I know if I qualify for a payment from T-Mobile?
T-Mobile has not released full details of its payment plan. Typically, group members are notified that they are eligible by mail. (Full disclosure: This reporter was a T-Mobile customer at the time.)
Read more: How to protect your personal data after a security breach
Customers then have 90 days to submit claim forms or ask to opt out of the settlement and reserve the right to pursue their own separate legal claims, according to court documents.
It may take several months for individuals to find out whether they will receive any settlement money, Tech Crunch reported.
When will payments be made?
Qualifying band members likely won’t see any money until at least 2023.
T-Mobile has 30 days to provide the court with a list of class members, along with their phone numbers and mailing and email addresses, “to the extent possible.”
Once eligible parties are notified, claims can be submitted. Legal fees are deducted and the remaining money is divided among the class members who referred the claims. It could take months.
Moreover, the $350 million payout has only received preliminary approval. It still requires final approval from a judge, which T-Mobile said would come in December at the earliest.
What is T-Mobile doing to protect against future security breaches?
T-Mobile has “doubled down” on its fight against hackers, the company said in its July 22 statement, by bolstering employee training, collaborating with industry experts like Mandiant and Accenture on new protocols, and creating a cybersecurity office that reports directly to the head of the company. general manager, Mike Sievert.
Security Reporter Brian Krebs reported in April 2022 that T-Mobile fell victim to the Lapsus$ hacking group.
Hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and the FBI, TechCruch reported. They were thwarted by secondary authentication checks.