%20(1)%20(1).webp?w=1600&resize=1600,900&ssl=1)
Attorney General Bob Ferguson has filed a consumer protection lawsuit against T-Mobile, accusing the telecommunications giant of failing to secure sensitive personal information, resulting in a 2021 data breach that compromised the personal data of over 2 million Washington residents.
The lawsuit, filed in King County Superior Court, alleges that T-Mobile’s cybersecurity failures left consumers vulnerable to identity theft and fraud.
Allegations of Negligence and Misrepresentation
The lawsuit asserts that T-Mobile was aware of cybersecurity vulnerabilities for years but failed to address them adequately.
Among the allegations, Ferguson accuses the company of using weak security measures, such as easily guessable passwords, and neglecting to implement proper monitoring systems.
These shortcomings allowed a hacker to gain access to T-Mobile’s internal network in March 2021, exfiltrating sensitive information over several months until the breach was discovered in August 2021.
The stolen data included names, phone numbers, addresses, driver’s license information, and Social Security numbers for 183,406 Washington residents.
Ferguson also claims that T-Mobile misrepresented its commitment to protecting customer data.
Despite public assurances about prioritizing cybersecurity, the company allegedly failed to meet industry standards and did not provide adequate breach notifications.
Some affected customers received misleading or incomplete notifications that downplayed the severity of the breach.
Impact on Consumers and Legal Violations
The breach affected more than 79 million consumers nationwide, including 2,025,634 Washingtonians.
Ferguson’s lawsuit highlights how T-Mobile’s inadequate response hindered consumers’ ability to protect themselves from potential fraud.
For instance, customers whose Social Security numbers were exposed were not informed about this critical detail in the notifications they received.
The lawsuit argues that T-Mobile’s actions violated Washington’s Consumer Protection Act by failing to secure personal data properly and misleading customers about its cybersecurity practices.
Ferguson described the breach as “entirely avoidable,” emphasizing that T-Mobile had years to address known vulnerabilities but failed to act.
Legal Remedies Sought
Ferguson is seeking civil penalties and restitution for affected Washington residents.
Additionally, the lawsuit demands injunctive relief requiring T-Mobile to improve its cybersecurity measures and increase transparency in its communications with customers regarding data protection.
The Attorney General’s office aims to ensure that such breaches do not recur by compelling T-Mobile to adopt stricter cybersecurity protocols.
T-Mobile has faced multiple data breaches in recent years and has already settled with federal regulators over similar issues.
However, Ferguson’s lawsuit underscores ongoing concerns about the company’s ability—or willingness—to safeguard customer information effectively.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1 "Data Breach Alert: Platinum Pharmaceuticals Targeted by Alleged Hackers")
%20(1).webp?w=1200&resize=1200,0&ssl=1 "Cyberattack Alert: Termite Ransomware Group Targets Huntington Hotel Group")
%20(1)%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The%20lawsuit,%20filed%20in%20King%20County%20Superior%20Court,%20alleges%20that%20T-Mobile%E2%80%99s%20cybersecurity%20failures%20left%20consumers%20vulnerable%20to%20identity%20theft.){kind=link}