T-Mobile is paying $350 million to settle allegations of negligence in a data breach that exposed millions of customers’ personal information, according to an article published by CNN on July 25, 2022. The settlement, which is the second-largest data breach payout in US history, was agreed upon in July.
T-Mobile reported a cyberattack on August 17, 2021 that affected more than 76.6 million customers, as stated on their published article on August 27, 2021. The stolen data included names, addresses, PINs, and other personal information. An individual selling the data on the dark web claimed to have information on over 100 million T-Mobile users. The breach was the fifth attack on T-Mobile since 2015 and 21-year-old John Binns was identified as the responsible party. Binns described T-Mobile’s security as “awful”.
T-Mobile is offering $25 cash payments to current and former US customers potentially impacted by the data breach, with California residents eligible for $100. Customers can also be reimbursed up to $25,000 for fraud or identity theft recovery if they provide documentation. It is also offering two free years of McAfee’s ID Theft Protection Service and investing $150 million in improved data security.
A final approval hearing for the settlement is scheduled for Jan. 20, and payments will likely be sent out within 90 days.