T-Mobile has agreed to pay $350 million and invest another $150 million in data security improvements to settle litigation over the 2021 data breach that impacted over 76 million T-Mobile customers.
According to Reuters, the preliminary settlement was filed with the federal court in Kansas City, Missouri and is subject to a judge’s approval potentially by the end of this year.
T-Mobile disclosed the data breach in August 2021 and said at the time more than 47 million current, former or prospective customers were affected. However, the number soon grew over 50 million and eventually surpassed 76 million T-Mobile customers after it was discovered an additional 26 million people’s personal data was accessed via unauthorized means.
T-Mobile confirmed affected record types stolen in the breach included: names, home addresses, birth dates, driver’s licenses, and Social Security numbers.
A 21-year old American, John Binns, who moved to Turkey a few years earlier, admitted to the hacking. Binns explained to the Wall Street Journal that he exploited an unprotected router exposed on the internet to penetrate T-Mobile’s defenses and steal the data.
- Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)
- Panasonic confirms breach of file server
- Morgan Stanley confirms breach of customer SSNs via an exploit of vendor’s Accellion FTA vulnerability
- Threat actors breach South Korean atomic research institute via VPN vulnerability
- Alibaba leaks billions of data points via Chinese web crawler
- Personal data on 533 million Facebook users posted online
- Energy giant Shell latest victim in Accellion FTA cyberattacks
- T-Mobile security incident exposed customer phone numbers and call records