The state of Washington is suing T-Mobile for allegedly failing to address cybersecurity vulnerabilities that enabled a hacker to expose the personal data of 79 million people nationwide. The Filed a consumer protection lawsuit Washington Attorney General Bob Ferguson said on Monday that it stemmed from a cyber attack that began in March 2021 and went unnoticed until then. T-Mobile disclosed the breach in August.
The filing claims that T-Mobile failed to address certain security vulnerabilities the company was aware of “for years” and did not properly notify the more than two million Washington residents who were affected by the breach. The lawsuit accuses T-Mobile of downplaying the seriousness of the breach, which exposed the personal information of current, former and potential customers — their names, phone numbers, physical addresses, dates of birth, Social Security numbers. , and ID number including driver’s license.
According to the filing, the notifications T-Mobile released about the data breach violated the Consumer Protection Act by omitting key information that made it difficult for people to assess whether they were at risk of identity theft or fraud, the filing said. According to The lawsuit also says T-Mobile “did not meet industry standards for cybersecurity” for years before the hack and used “obvious passwords” to protect accounts that could access user information. are
“This significant data breach was entirely avoidable,” Ferguson said in a statement. “T-Mobile has had years to fix key weaknesses in its cybersecurity systems — and it has failed.”
This isn’t the first time Washington state has taken action against T-Mobile. With Ferguson successfully persuaded The company would clarify the limits of its “no-contract” wireless service plan back in 2013.
Ferguson’s latest lawsuit is seeking compensation for customers affected by the 2021 breach and a court order that would force T-Mobile to bring its cybersecurity practices in line with industry standards, as well as around future data breaches. Will improve transparency and communication. It follows that T-Mobile is paying $350 million in 2022 2021 to settle a class-action lawsuit stemming from the hack, and another $15.75 million in fines last year After an FCC investigation into its repeated cybersecurity incidents.
