T-Mobile-US has agreed to pay $350m to settle class action claims related to a 2021 cyber-attack which impacted approximately 80 million US residents.
On Friday, in a filing with the Securities and Exchange Commission (SEC), it was explained that the money would be used to “fund claims submitted by class members, legal fees of plaintiffs’ counsel and the costs of administering the settlement.”
The mobile network said that it would also put an additional $150million into data security and “related” technology over the next two years. The carrier is one of the largest in the US after its acquisition of Sprint in 2020.
The settlement, which is subject to final court approval, contains no admission of “liability, wrongdoing or responsibility.”
This case related to a major data breach first disclosed last August, affecting over 80 million former, current and prospective customers. This estimation has gone up from the 55 million estimated at the end of August 2021.
Oliver Tavakoli, CTO at Vectra, said “T-Mobile has repeatedly been lax in applying minimally acceptable controls to prevent these violations of end user’s privacy.”
“Note that some of the data leaked was private information collected from individuals whose applications for phones T-Mobile rejected several years prior to the breaches – information which they had no rationale to even keep.”
T-Mobile has suffered repeated breaches and cybersecurity incidents in the last few years.