Washington State is suing T-Mobile for a massive data breach affecting 79 million Americans. The lawsuit alleges that T-Mobile knew about serious cybersecurity weaknesses for years but failed to fix them, leading to the leak of sensitive personal information.
Years of Neglect, Millions of Records Exposed
The Attorney General claims T-Mobile violated the state’s Consumer Protection Act by misleading customers about its data security. The breach, which occurred between March and August 2021, exposed names, addresses, phone numbers, and even driver’s license information for millions. Over 2 million Washington residents were affected, with over 180,000 having their Social Security numbers exposed. T-Mobile reportedly only discovered the breach after an anonymous tip revealed customer data was being sold on the dark web.
Weak Security and Misleading Customers
The lawsuit points to several failures on T-Mobile’s part:
- Known Vulnerabilities: T-Mobile was aware of numerous cyberattacks and security gaps as early as 2020, yet failed to adequately address them.
- Weak Passwords: The hackers allegedly used easily guessable passwords to access T-Mobile’s internal databases.
- Downplaying the Breach: T-Mobile’s notifications to affected customers allegedly minimized the severity of the breach, omitting crucial details like Social Security number exposure for some. The company’s website meanwhile reassured customers that their data was safe.
Seeking Justice and Reform
The Attorney General is seeking significant penalties against T-Mobile, including restitution for affected Washington residents. The lawsuit also demands that T-Mobile improve its cybersecurity practices and be more transparent with its customers about data breaches.
