At least 3 lawsuits filed against T-Mobile for its recent major security breach
T-Mobile customers were shocked to find out about a recent data breach that affected many people and we reported back towards the end of August. Now, TmoNews reports that the big carrier would be facing at least 3 class-action lawsuits because of the data breach.
At least 3 customers have filed class-action lawsuits against the major carrier. The main accusation of these lawsuits is negligence after the customers' personal data was exposed by the recent hack. The three lawsuits have been filed in a district court and each of them has demanded jury trials.
Two of these cases have accused T-Mobile of violating the US Federal Trade Commission (FTC) act, which is created to hinder companies from engaging in "unfair or deceptive" types of activities. Apparently, this includes T-Mobile's failure to maintain a high level of security measures in order to keep their customers' data safe from hackers.
Additionally, one of the filings underlined an FTC-provided guideline, that advises businesses not to maintain or store any personally identifiable information that is no longer needed for transaction authorization.
The hack that happened affected around 48 million customers in total, 40 million out of them may fall under the coverage of the FTC law.
In the fourth week of August, we reported about the security breach that affected T-Mobile and ended up exposing names, social security numbers, driver license numbers, and birth dates of around 48 million customers. This information was available for sale for malicious users, although no information it was ever bought was revealed.
A 21-year-old hacker named John Binns has claimed to have performed the hack, and surprisingly, according to him, it wasn't even that hard. He has reportedly identified an unprotected router, and has discovered it with the help of a "publicly available tool". This made it possible for him to gain access to more than 100 T-Mobile servers containing important personally identifiable information of the carriers' customers.
Reportedly, the data that was leaked was, as we mentioned above, phone numbers, IMEI, names, birth dates, Social Security numbers, addresses, and all of these sensitive pieces of data were stored together for current, former, and "prospective" T-Mobile subscribers.
Of course, such a major breach was a crisis for T-Mobile. Within two days, the company has notified almost all the users whose data was affected by the data breach and it has stated the investigation was complete. According to the hacker, Binns, the hack was made from his home, and before T-Mobile manages to kick the hacker out of their servers, he has already copied and therefore stolen the data.
T-Mobile has started recommending customers to sign up for "T-Mobile's free scam-blocking protection through Scam Shield" and is offering two years of free identity protection services with McAfee's ID Theft Protection Service.
Additionally, the company will be offering "Account Takeover Protection" to postpaid customers. All customers were urged to reset all passwords and PIN numbers.
In order to not let anything else like this happen in the future, T-Mobile CEO Mike Sievert has announced the carrier has singed long-term partnerships with Mandiant and KPMG LLG so the T-Mobile security systems get improved and made stronger, and these partnerships will give the telecommunications giant the "firepower" that's needed to better protect their customers from cybercriminals.
At least 3 lawsuits are looming on T-Mo's head because of the data breach
At least 3 customers have filed class-action lawsuits against the major carrier. The main accusation of these lawsuits is negligence after the customers' personal data was exposed by the recent hack. The three lawsuits have been filed in a district court and each of them has demanded jury trials.
Additionally, one of the filings underlined an FTC-provided guideline, that advises businesses not to maintain or store any personally identifiable information that is no longer needed for transaction authorization.
On top of that, one of these lawsuits accuses T-Mobile of violating the California Consumer Privacy Act, which assigns a specific penalty to a company that allows unauthorized access to customer data. Such a penalty may range between $100 and $750 per customer or incident.
The hack that happened affected around 48 million customers in total, 40 million out of them may fall under the coverage of the FTC law.
T-Mobile cybersecurity incident: what happened?
In the fourth week of August, we reported about the security breach that affected T-Mobile and ended up exposing names, social security numbers, driver license numbers, and birth dates of around 48 million customers. This information was available for sale for malicious users, although no information it was ever bought was revealed.
A 21-year-old hacker named John Binns has claimed to have performed the hack, and surprisingly, according to him, it wasn't even that hard. He has reportedly identified an unprotected router, and has discovered it with the help of a "publicly available tool". This made it possible for him to gain access to more than 100 T-Mobile servers containing important personally identifiable information of the carriers' customers.
Of course, such a major breach was a crisis for T-Mobile. Within two days, the company has notified almost all the users whose data was affected by the data breach and it has stated the investigation was complete. According to the hacker, Binns, the hack was made from his home, and before T-Mobile manages to kick the hacker out of their servers, he has already copied and therefore stolen the data.
T-Mobile has started recommending customers to sign up for "T-Mobile's free scam-blocking protection through Scam Shield" and is offering two years of free identity protection services with McAfee's ID Theft Protection Service.
Additionally, the company will be offering "Account Takeover Protection" to postpaid customers. All customers were urged to reset all passwords and PIN numbers.
Things that are NOT allowed: