Great Moto G Stylus deal on Amazon!
PhoneArena unveils the ultimate collector’s book for phone enthusiasts
PhoneArena unveils the ultimate collector’s book for phone enthusiasts

How angry T-Mobile subscribers responded to the latest data breach

By
3comments
T-Mobile
How angry T-Mobile subscribers responded to the latest data breach
The number of T-Mobile customers who were victimized by a recent data breach is believed to be 53 million according to the carrier, including 7.8 million postpaid subscribers. Bloomberg reported on Friday that a pair of class-action lawsuits have been filed against the wireless provider. The suits accuse the nation's second-largest carrier of violating the California Consumer Privacy Act (CCPA).

T-Mobile is the subject of two class-action suits following its latest data breach


The suits were filed in Washington state as the company's U.S. headquarters are located in Bellevue, Washington. The hackers obtained customers' names and phone numbers but on Friday T-Mobile said that social security numbers and IDs were not part of the breach.

A pair of class action suits have been filed against T-Mobile after last week's data breach - How angry T-Mobile subscribers responded to the latest data breach
A pair of class action suits have been filed against T-Mobile after last week's data breach
One lawsuit, filed by Veera Daruwalla (Daruwalla v. T-Mobile USA Inc) noted that T-Mobile blamed the data breach on hackers using the Twitter handle @und0xxed who had broken into T-Mobile's servers and gained access to the personal data belonging to the wireless provider's customers. While T-Mobile claims that the data stolen by the hackers was limited, the hackers themselves beg to differ.

As the plaintiff's filing states, "According to the hackers, the stolen personal identifying information (PII) includes customers’ names, addresses, social security numbers, drivers license information, phone numbers, dates of birth, security PINs, phone numbers, and, for some customers, unique IMSI and IMEI numbers (embedded in customer mobile devices that identify the device and the SIM card that ties that customer’s device to a telephone number)—all going back as far as the mid 1990s. The hackers also claim to have a database that includes credit card numbers with six digits of the cards obfuscated."

Besides looking to profit by selling personal data belonging to T-Mobile customers, obtaining the unique IMEI belonging to T-Mobile subscribers' phones could allow the hackers to perform what is known as a SIM-swap attack allowing bad actors to receive one-time passwords or get access to two-factor authentication codes. This could allow a cybercriminal to hijack a T-Mobile customer's phone allowing him/her access to the victim's financial accounts.

The suit claims that the hackers claim that over 100 million T-Mobile customers had their personal information swiped in the data breach. T-Mobile's preliminary investigation concluded that 7.8 million postpaid subscribers were involved along with 850,000 active prepaid customers and 40 million "former or prospective customers who had
previously applied for credit with T-Mobile."

One suit claims that T-Mobile was "reckless" with its subscribers' personal data


The CCPA allows statutory damages in a private right of action between $100 and $750 per customer per violation, or actual damages, whichever is greater. The plaintiffs also seek injunctive relief to protect T-Mobile customers from future data breaches. The filing also delves into past issues that the carrier has had with data breaches.

The second suit, filed by Stephanie Espanoza, Jonathan Morales, and Alex Pygin, says that T-Mobile handled all of the data belonging to its customers (including names, phone
numbers, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, and T‐Mobile account PIN numbers) "in a reckless manner." The plaintiffs also say that the computer system employed by T-Mobile to store this important personal data was "in a condition vulnerable to cyberattacks."

The court filing adds that T-Mobile was aware of the risks of not taking proper steps to secure its subscriber's personal data. The potential crimes that the hackers can commit with the stolen information include "fraudulently applying for unemployment benefits, opening new financial accounts in Class Members' names, taking out loans in Class Members' names, using Class Members' information to obtain government benefits (including unemployment or COVID relief benefits), filing fraudulent tax returns using Class Members' information, obtaining driver’s licenses in Class Members’ names but with another person’s photograph and providing false information to police during an arrest."

The plaintiffs in this suit seek damages, punitive damages, court costs, and attorneys' fees, prejudgement interest, and any other relief that the court feels is warranted.
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Featured Stories

In 2024, Pixel 7 makes both the $1,300 Galaxy S24 Ultra and $350 Nothing Phone 2 look overpriced!
In 2024, Pixel 7 makes both the $1,300 Galaxy S24 Ultra and $350 Nothing Phone 2 look overpriced!
Render and specs for OnePlus 13 leak
Render and specs for OnePlus 13 leak
Analyst sees changes coming to iPhone next year
Analyst sees changes coming to iPhone next year
Battery AI reportedly extends Galaxy S25 battery life
Battery AI reportedly extends Galaxy S25 battery life
Loading Comments...

Popular stories

T-Mobile celebrating Mint purchase with new and upgraded perks for customers
T-Mobile celebrating Mint purchase with new and upgraded perks for customers
4 billion Android users who downloaded apps flagged by Microsoft need to take some actions to stay safe
4 billion Android users who downloaded apps flagged by Microsoft need to take some actions to stay safe
Meta rubs salt in Apple Vision Pro wounds – the Android of AR/VR is here, and I'm super excited
Meta rubs salt in Apple Vision Pro wounds – the Android of AR/VR is here, and I'm super excited
Grab the JBL Xtreme 3 at its Black Friday price on Amazon and enjoy blasting tunes on the cheap
Grab the JBL Xtreme 3 at its Black Friday price on Amazon and enjoy blasting tunes on the cheap
Researcher answers the age-old question: which platform is more secure, iOS or Android?
Researcher answers the age-old question: which platform is more secure, iOS or Android?
Prices for the Motorola Edge (2022) remain too good to be true on Amazon
Prices for the Motorola Edge (2022) remain too good to be true on Amazon

Latest News

6G data speeds hit 100Gbps in test, 500 times faster than average 5G data speeds
6G data speeds hit 100Gbps in test, 500 times faster than average 5G data speeds
Patent application could indicate that Apple is working on a foldable iPhone
Patent application could indicate that Apple is working on a foldable iPhone
Check the list to see if your OnePlus device is eligible to receive OxygenOS 15
Check the list to see if your OnePlus device is eligible to receive OxygenOS 15
Bye AMD? Samsung reportedly plans to use in-house GPU starting with Exynos 2600 SoC
Bye AMD? Samsung reportedly plans to use in-house GPU starting with Exynos 2600 SoC
Under-screen Face ID for iPhone reportedly delayed (again)
Under-screen Face ID for iPhone reportedly delayed (again)
Mystery premium segment U.S smartphone will be powered by flagship MediaTek chipset
Mystery premium segment U.S smartphone will be powered by flagship MediaTek chipset
FCC OKs Cingular\'s purchase of AT&T Wireless