The state of Washington has filed a lawsuit against T-Mobile, alleging that the telecommunications giant failed to adequately protect the personal data of millions of residents before a massive data breach in August 2021. This incident compromised the records of over 79 million customers across the United States.
According to a statement from Washington Attorney General Bob Ferguson, the company had been aware of certain cybersecurity vulnerabilities for years but failed to address them effectively. The lawsuit seeks financial compensation under state consumer protection laws and demands that T-Mobile implement stricter cybersecurity policies.
The August 2021 attack was just one of several similar incidents in recent years; since 2018, the company has reported at least five security breaches, according to TechCrunch. In this case, a hacker gained access to T-Mobile’s systems and extracted sensitive information, including names, birth dates, Social Security numbers, and driver’s license data. Some of this stolen information was later posted on a known cybercriminal forum.
Ferguson also accused T-Mobile of providing insufficient notifications to affected customers, downplaying the severity of the attack and omitting crucial details. This, he said, hindered consumers’ ability to assess their risk of identity theft or fraud.
“This data breach was completely preventable,” Ferguson stated. “T-Mobile had years to address critical vulnerabilities in its cybersecurity systems and failed to do so.”
The complaint, filed in a federal court in Seattle, includes redacted sections concealing technical details about the hack but highlights key shortcomings in the company’s security policies and internal systems. Among the deficiencies cited are the use of weak passwords and easily guessed credentials, the lack of restrictions on login attempts, and inadequate monitoring systems that allowed the attacker to operate undetected.
Additionally, the lawsuit claims that T-Mobile’s public statements misrepresented the strength of its cybersecurity defenses and minimized the risk posed by customer data found on the dark web. According to Ferguson, these actions could have misled a substantial number of consumers in Washington state.
When contacted for comment on the lawsuit, a T-Mobile spokesperson did not provide an immediate response.
By: Nestor Castillo, ForAllTechNews Director