FlagThis

Washington state has filed a lawsuit against T-Mobile regarding the 2021 data breach that exposed the personal information of approximately 79 million people nationwide, including over 2 million Washington residents. The lawsuit alleges that T-Mobile was aware of security vulnerabilities for years but failed to address them, leading to the breach that began in March 2021 and went unnoticed for six months. The state claims the company also inadequately notified affected customers and downplayed the severity of the incident which involved sensitive information being sold on the dark web.

The lawsuit further asserts T-Mobile did not meet industry standards for cybersecurity and used weak passwords for accounts with access to consumer data. Washington Attorney General Bob Ferguson stated that the breach was avoidable, criticizing T-Mobile’s failure to fix known vulnerabilities. In addition to seeking compensation for those impacted, the state is also seeking a court order mandating T-Mobile to improve its cybersecurity practices, enhance transparency in future incidents, and align with industry standards. It has also been revealed that T-Mobile may have hired a third party firm to purchase leaked data in an attempt to prevent it being sold more widely.

ImgSrc: cdn.vox-cdn.com

References:

• www.bleepingcomputer.com - Washington state sues T-Mobile over 2021 data breach security failures - 22d
• The Verge - T-Mobile is under fire again over its 2021 data breach - 22d
• 9to5mac.com - 9to5Mac article on Washington state suing T-Mobile over the data breach. - 20d

Classification:

• HashTags: Tmobile DataBreach Privacy
• Company: T-Mobile
• Target: T-Mobile customers
• Product: T-Mobile Systems
• Feature: Data Breach
• Type: DataBreach
• Severity: Major