Ride the Lightning

T-Mobile Data Breach: Class Action Lawsuits and More People Affected

August 24, 2021

Bloomberg Law reported on August 20 that T-Mobile had been hit with two class action lawsuits in the U.S. District Court for the Western District of Washington accusing it of violating the California Consumer Privacy Act by failing to protect consumer data from its recent data breach.

InfoSecurity Group reported on August 23 that approximately six million more current and former T-Mobile customers were affected by T-Mobile’s data breach.

T-Mobile said it was confident it had now closed off access and egress points for the attack but admitted that the breach impacted many more individuals than at first thought.

It said 5.3 million more post-paid customers’ accounts were compromised, exposing names, addresses, date of births, phone numbers, IMEIs and IMSIs. That’s on top of the 7.8 million already breached.

T-Mobile also said that an extra 667,000 accounts of former T- Mobile customers have been accessed, compromising customer names, phone numbers, addresses and dates of birth.

This is in addition to the 40 million former and prospective customers who had applied for credit and whose details were subsequently stolen by attackers.

With the additional disclosures, the total figure for the breach is now at 54.6 million current, former and prospective customers, up from 49 million.

Martin Riley, director of managed security services at Bridewell Consulting, said it was extremely concerning that T-Mobile was only made aware of the original incident after a threat actor started selling stolen customer data online.

“The problem is that working out what has been taken, and when, can be very challenging for many organizations which is why the average breach detection and containment time is still so long,” he added.

“Enterprises need to shift from a security monitoring and notification approach to one focused on threat detection and response. T-Mobile has been subject to numerous attacks in the past few years and needs to act competently and confidently to minimize reputational damage or a decline in public confidence.”

Good luck with that T-Mobile.

Hat tip to Dave Ries

Notice: The new RSS feed for Ride the Lightning is https://senseient.com/feed/?post_type=ride-the-lightning for those that wish to subscribe in a reader.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson