2. Casey Ellis, Bugcrowd
T-Mobile has agreed to pay $350 million to customers in a class-action lawsuit related to personal information stolen in a 2021 cyberattack.
T-Mobile disclosed the proposed settlement in a U.S. Securities and Exchange Commission filing. The lawsuit is pending in the U.S. District Court for the Western District of Missouri. The proposed settlement remains subject to preliminary and final court approval.
This is not T-Mobile’s first cyberattack rodeo. It has disclosed numerous data breaches since 2018.
Casey Ellis is founder and CTO of Bugcrowd. He made waves for his balanced assessment of T-Mobile’s predicament.
“On one hand, $350 million is a lot of money, and is a clear signal of the kinds of recovery and punitive costs which can be involved when a breach like this takes place,” he said. “On the other hand, 40 million records were involved in this breach overall. And a per-record penalty of $8.75 for losing something as impactful and difficult to protect and replace as a Social Security number seems like T-Mobile managed to get off fairly lightly here.”
Read more cybersecurity expertise about T-Mobile’s data breach here.
