The class-action lawsuits allege T-Mobile violated the California Consumer Privacy Act.

Edward Gately, Senior News Editor

August 23, 2021


More than 53 million T-Mobile customers have been impacted by a recent data breach, which has now prompted two class-action lawsuits.

T-Mobile said it discovered another 5.3 million current customers and 667,000 former customers had their information stolen.

The private information compromised in the T-Mobile data breach includes names, phone numbers, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, and T-Mobile account PINs.

“We continue to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit or other payment information,” T-Mobile said. “Our investigation is ongoing and will continue for some time, but at this point, we are confident that we have closed off the access and egress points the bad actor used in the attack.”

Class-Action Lawsuits

In addition, current and former T-Mobile customers have filed two class-action lawsuits against the carrier in the U.S. District Court for the Western District of Washington. Both lawsuits accuse T-Mobile of violating the California Consumer Privacy Act (CCPA). Moreover, one of them accuses the carrier of violating the Washington State Consumer Protection Act.

Bloomberg broke the news of the lawsuits.

The plaintiffs in one of the suits are T-Mobile customers Veera Daruwalla and Lavicieia Sturdivant, and former customer Michael March.

According to the complaint, the plaintiffs and class members face an “imminent and substantial risk of injury” from identity theft and related cyber crimes due to the data breach.

“Once data is stolen, malicious actors will either exploit the data for profit themselves or sell the data on the dark web, as occurred here, to someone who intends to exploit the data for profit,” it said. “Hackers would not incur the time and effort to steal personally identifiable information (PII) and then risk prosecution by listing it for sale on the dark web if the PII was not valuable to malicious actors.”

As the target of many data breaches in the past, T-Mobile “knew its systems were vulnerable to attack,” according to the complaint. However, it yet again failed to protect its customers’ personal information.

“Its customers expected and deserved better from the second-largest wireless provider in the country,” it said.

Data Thieves Can Commit ‘Variety of Crimes’

The plaintiffs in the other class-action suit are T-Mobile customers Stephanie Espanoza, Jonathan Morales and Alex Pygin. T-Mobile notified both Espanoza and Morales that some of their personal information was stolen during the breach.

According to the complaint, data thieves can commit a variety of crimes with plaintiffs’ stolen data. That includes fraudulently applying for unemployment benefits, opening new financial accounts in class members’ names, taking out loans in class members’ names, using class members’ information to obtain government benefits including unemployment or COVID-19 relief benefits, filing fraudulent tax returns using class members’ information, obtaining driver’s licenses in class members’ names but with another person’s photograph, and providing false information to police during an arrest.
