Did T Mobile get hacked?
T-Mobile said it learned late last week that an individual in an online forum claimed to have breached its systems and was attempting to sell stolen customer data. The company confirmed on Aug. 16 that it was hacked, later adding that attackers made off with personal data from 54 million people. The Wall Street JournalT-Mobile Data Hack: What We Know and What You Need to Do
T-Mobile announced Friday it had discovered that another 5.3 million current customers and 667,000 former customers also had their information stolen.
The wireless carrier is now up against two class action lawsuits filed by upset customers, Bloomberg reported on Friday. Both lawsuits accuse T-Mobile of violating the California Consumer Privacy Act which allows any Californian the right to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. One of the lawsuits also accuses T-Mobile of violating the Washington State Consumer Protection Act for having poor data security.
According to the lawsuit Espanoza v. T-Mobile USA Inc., the plaintiffs and the class action members contend their identities are at risk because of neglect on the part of T-Mobile. The plaintiffs are also concerned with the monetary costs and the "time spent mitigating the effects of the Data Breach, including time spent dealing with actual or attempted fraud and identity theft."
The information stolen from the customers includes names, addresses, dates of births, phone numbers, social security numbers, and driver's license information. T-Mobile says that the information stolen from the additional customers did not include social security numbers and driver's license information.
T-Mobile does not believe that customers had their financial information, credit card information, debit, or other payment information stolen in the attack.
T-Mobile reset the PINs associated with these accounts and is also offering additional protection services like McAfee's ID Theft Protection Service and Account Takeover Protection capabilities for all customers.
"We are continuing to take action to protect everyone at risk from this cyberattack, including those additional persons we recently identified," the company said in a statement. "We have sent communications to millions of customers and other affected individuals and are providing support in various ways."
T-Mobile originally became aware of the data breach after hackers posted in an underground forum, Vice's Motherboard first reported.
The seller of the information is asking for six bitcoins, worth about $297,279 as of publishing, for 30 million social security numbers and driver's licenses, according to Motherboard. The seller is privately offering the rest of the breached information.
Read full article at Fox Business
23 August, 2021 - 05:30am
20 August, 2021 - 08:33am
The move comes after Motherboard broke news of the breach on Sunday. At the time, a hacker was advertising 30 million SSNs from an unnamed source. Motherboard verified the data was sourced from T-Mobile; T-Mobile itself later confirmed the contours of the breach.
The plaintiffs and class members of the lawsuit say their identities "are now at considerable risk because of Defendant's [T-Mobile's] negligent conduct since the Private Information that T-Mobile collected and maintained is now in the hands of data thieves." The lawsuit adds that the victims may now face losing time and money dealing with the fallout of the data breach, including buying protective measures or because of attempted fraud and identity theft.
T-Mobile has offered customers free credit monitoring, but the lawsuit describes this move as "inadequate."
"Defendant places the burden squarely on Plaintiffs and Class Members by requiring them to expend time signing up for that service, as opposed to automatically enrolling all victims of this cybercrime. In addition, Defendant only offers these services for two years, even though experts agree that the effects of such a data breach can often be felt by victims for around seven years," the lawsuit continues.
The class action was filed by Morgan & Morgan, Terrell Marshall Law Group, Arnold Law Firm, Mason Lietz & Klinger, and The Consumer Protection Firm.
"Consumers entrust their valuable, personal information to companies with the reasonable expectation that it be kept confidential and secure. T-Mobile, a leading telecommunications company, allegedly failed to fully implement a data security system to protect their customers from cyberattacks. Their alleged reckless actions and inactions have exposed customers to years of constant surveillance of their financial and personal records, monitoring, and loss of rights. We will continue to hold companies accountable and fight to ensure all institutions do more to protect people’s data," Morgan & Morgan attorneys John Morgan and John Yanchunis said in an emailed statement.
Beyond granting the plaintiffs an unspecified amount of damages, the class action asks the court to prohibit T-Mobile from keeping "personal identifying information on a cloud-based database."
By signing up to the VICE newsletter you agree to receive electronic communications from VICE that may sometimes include advertisements or sponsored content.