Washington authorities is suing T-Mobile for allegedly failing to reside cybersecurity vulnerabilities that enabled a hacker to expose the individual information of 79 cardinal group nationwide. The consumer protection suit filed by Washington Attorney General Bob Ferguson connected Monday stems from a cyberattack that began successful March 2021 and went unnoticed until T-Mobile disclosed the breach successful August.
The filing asserts that T-Mobile grounded to reside definite information vulnerabilities that the institution was alert of “for years,” and did not decently notify much than 2 cardinal Washington residents who were impacted by the breach. The suit accuses T-Mobile of downplaying the severity of the breach, which exposed the individual accusation of current, former, and prospective customers — including their names, telephone numbers, beingness addresses, dates of birth, Social Security numbers, and driver’s licence / ID numbers.
The notifications that T-Mobile issued astir the information breach violated the Consumer Protections Act by omitting cardinal accusation that made it difficult for group to measure if they were astatine consequence of personality theft aliases fraud, according to the filing. The suit besides says that T-Mobile “did not meet manufacture standards for cybersecurity” for years anterior to the hack, and utilized “obvious passwords” to protect accounts that could entree user information.
“This important information breach was wholly avoidable,” Ferguson said successful a statement. “T-Mobile had years to hole cardinal vulnerabilities successful its cybersecurity systems — and it failed.”
This isn’t the first clip that Washington authorities has taken action against T-Mobile, with Ferguson having successfully persuaded the institution to make clear the limitations of its “no-contract” wireless work scheme backmost successful 2013.
Ferguson’s latest suit is seeking compensation for customers impacted by the 2021 breach and a tribunal bid that would unit T-Mobile to bring its cybersecurity practices successful statement pinch manufacture standards, alongside improving transparency and connection astir early information breaches. This follows T-Mobile paying $350 cardinal successful 2022 to settee a class-action suit stemming from the 2021 hack, and a further $15.75 cardinal good past year complete an FCC investigation into its repeated cybersecurity incidents.