Lawsuit explains how T-Mobile is exposing customer data to hackers

Lawsuit alleges T-Mobile AI training architecture is why it can't stop getting hacked
Artificial Intelligence or AI is something nearly all big companies are using to get ahead of the competition but the way T-Mobile is going about it is proving to be harmful for its customers, says a lawsuit filed by T-Mobile investor Jenna Harper.

According to the lawsuit, which was filed in late 2022, T-Mobile puts its customer data and credentials in one big, unified database to train its AI and machine learning models, undermining data security. It argues that 'this single-point of access data centralization' is contrary to well-established data security and storage practices.

T-Mobile and its parent company Deutsche Telekom (DT) have denied the allegations in the lawsuit, saying that it's based on speculation instead of facts.

Recommended Stories
As Light Reading notes, T-Mobile filed the response in the Delaware Court of Chancery, which is where disputes regarding the internal affairs of companies are often brought. Vice Chancellor Sam Glasscock III listened to arguments made by lawyers earlier this month.

This is not the first time a company has come under fire for using available data to train their systems and the existing regulations provide no clear guidance on what's acceptable and what's not. Any company using AI needs an enormous amount of data to train its AI models and improve its services and operations.

The main point of the lawsuit is T-Mobile's unified data-mining and AI-training architecture. Its foundation can be traced back to a program started by DT's T-Labs research division in 2014. It says that DT wanted to edge out rivals by unifying its data repository across business units and country borders.

The lawsuit goes on to say that DT's AI efforts stretched into T-Mobile after it acquired Sprint. Apparently, T-Mobile cut corners to remain a part of the AI program. T-Mobile has rubbished the allegations. 

For instance, T-Mobile opted for the programming language R, which is normally used for statistical modeling and lacks fundamental security features, instead of a sophisticated language like Python to create machine-learning applications. 

The lawsuit also says that T-Mobile developed an application programming interface (API) called qAPI with the ability to interact with various databases of information but failed to implement a secure method for accessing it. This created a single point of failure for security.

To support the claims, the complaint points out that T-Mobile has been the victim of multiple hacks after its merger with Sprint, including one in August 2021 that happened due to a single publicly exposed router.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless